
Windows Malware Uses Pulsar RAT for Live Chats While...

  • Feb 1

Key Findings


  • Researchers at Point Wild have discovered a new Windows malware campaign using the Pulsar RAT and Stealerv37.

  • The malware hides in the computer's memory to steal passwords, cryptocurrency, gaming accounts, and other sensitive data.

  • Attackers are able to interact with victims through a live chat window while the malware operates in the background.

  • The malware uses living-off-the-land techniques to bypass detection by most antivirus programs.


Background


The Lat61 Threat Intelligence Team at Point Wild has uncovered a sophisticated Windows malware attack that goes beyond the typical silent infection. This new threat not only steals sensitive information but also allows the attackers to communicate with victims in real time through a live chat window.


Malware Infection Vector


The attack starts with a small, hidden file such as 0a1a98b5f9fc7c62.bat, tucked away in the %APPDATA%\Microsoft folder on the victim's computer. The file uses living-off-the-land techniques, hijacking trusted system tools like PowerShell, to run its code entirely in memory and avoid detection by traditional antivirus programs.


Malware Capabilities


The malware is equipped with two main components: the Pulsar RAT and Stealerv37. The Pulsar RAT allows the attackers to monitor the victim's webcam and microphone, while the Stealerv37 component steals a wide range of sensitive information, including:


  • Cryptocurrency wallets

  • Browser passwords and cookies

  • VPN credentials

  • Developer tools

  • Gaming accounts (e.g., Steam, Roblox)


All the stolen data is then compressed and exfiltrated to the attackers via Discord and Telegram.


Live Interaction with Victims


What sets this malware apart is the attackers' ability to communicate actively with their victims through a live chat window. As Dr. Zulfikar Ramzan, the head of the Lat61 team, explained to Hackread.com, "this isn't just malware running in the background": the researchers observed live attackers deploying additional payloads while chatting with victims.


Persistence and Anti-Detection Measures


The malware has several mechanisms to ensure persistence and avoid detection. It can disable the Windows Task Manager and User Account Control (UAC) security prompts, making it harder for victims to detect and stop the infection. Additionally, the malware has a watchdog feature that restarts the infection if it is ever interrupted.


Recommendations for Users


To stay safe from this threat, users should regularly check their Windows Startup applications for any suspicious-looking programs, be wary if their computer stops showing security permission prompts, and always use two-factor authentication to protect their accounts.
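The checks recommended above can be scripted. The PowerShell triage below is an added example, not code from Point Wild's report or the original article. The registry values it reads are the standard Windows policy settings for Task Manager and UAC, assumed here because the report summary does not name the mechanism the malware uses, and the startup filter is a heuristic.

```powershell
# Added triage sketch, not from the report. Read-only: it changes nothing.
# Assumption: Task Manager/UAC tampering appears in the standard Windows policy
# values below; the report does not say which mechanism the malware uses.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Check, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Detail = $Detail })
}
function Get-PolicyValue([string]$Path, [string]$Name) {
    # $null means the value is absent, which is the Windows default.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$policy = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'

# 1. Task Manager disabled by policy (per-user or machine-wide).
foreach ($hive in 'HKCU:', 'HKLM:') {
    if ((Get-PolicyValue "$hive\$policy" 'DisableTaskMgr') -eq 1) {
        Add-Finding 'TaskManager' "DisableTaskMgr=1 under $hive\$policy"
    }
}

# 2. UAC switched off, or set to elevate administrators without a prompt.
if ((Get-PolicyValue "HKLM:\$policy" 'EnableLUA') -eq 0) {
    Add-Finding 'UAC' 'EnableLUA=0 (UAC disabled)'
}
if ((Get-PolicyValue "HKLM:\$policy" 'ConsentPromptBehaviorAdmin') -eq 0) {
    Add-Finding 'UAC' 'ConsentPromptBehaviorAdmin=0 (no elevation prompt)'
}

# 3. Batch files under %APPDATA%\Microsoft, the drop location named in the report.
$dropDir = Join-Path $env:APPDATA 'Microsoft'
Get-ChildItem -Path $dropDir -Filter '*.bat' -File -Force -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hidden = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
        Add-Finding 'BatchFile' "$($_.FullName) hidden=$hidden modified=$($_.LastWriteTime)"
    }

# 4. Startup entries (Run keys and Startup folders) that launch scripts or
#    anything under AppData. Which autostart the malware uses is not in the report.
Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { $_.Command -match '\.(bat|cmd|ps1|vbs)\b|\\AppData\\|powershell' } |
    ForEach-Object { Add-Finding 'Startup' "$($_.Name): $($_.Command) [$($_.Location)]" }

if ($findings.Count -eq 0) { 'No findings from these checks.' } else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Anything it lists is a lead to review rather than a verdict, since legitimate software also starts from AppData.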


Sources


  • https://hackread.com/windows-malware-pulsar-rat-live-chats-steal-data/

  • https://news.backbox.org/2026/01/31/windows-malware-uses-pulsar-rat-for-live-chats-while-stealing-data/


© 2025 by Explain IT Again. Powered and secured by Wix
