The security of crypto wallets has been a question mark for some time. And now, there's a Windows vulnerability leaving users infected with a previously unknown infostealer that's draining crypto wallets. It's called Phemedrone Stealer and malicious campaigns are exploiting this Windows vulnerability to steal crypto wallet contents and other sensitive information from victims.

What Phemedrone Stealer Steals

Although Microsoft released a patch (CVE-2023-36025) late last year, malware campaigns using Phemedrone Stealer accounted for the vulnerability in their attacks. The attackers use malicious .url files to download and exploit the vulnerability that bypasses checks and warnings from Microsoft Defender.

Just some of what Phemedrone Stealer actually steals includes: Data from crypto wallets like Bytecoin, Armory, Electrum, and Guarda; Passwords, autofill, and other data from chromium-based browsers like Microsoft Authenticator, Google Authenticator, LastPass, and Duo Mobile; Operating system information; and screenshots of whatever they want to.

No one is quite sure how much Phemedrone Stealer has stolen from crypto wallets. But according to De.Fi, $2 billion was hijacked from these wallets last year. It's safe to say Phemedrone Stealer played a part in that massive total and will continue to pilfer crypto from unpatched devices. The cyber-smart answer to avoid this sneaky infostealer is immediately applying the security patch available and be sure to keep all of your devices up-to-date at all times.