Diagram illustrating Shuyal malware's data extraction methods

The cybersecurity community is raising alarms about Shuyal, a newly discovered stealer malware that significantly broadens its attack scope beyond traditional browsers. Unlike most infostealers that focus on popular platforms like Chrome and Edge, Shuyal targets 19 different browsers, including privacy-focused options such as Tor, Brave, Vivaldi, and Waterfox.

Diagram illustrating Shuyal malware's data extraction methodsDiagram illustrating Shuyal malware's data extraction methods

Shuyal is one of the most aggressive infostealers to date, capable of extracting sensitive data, including login credentials and system-level information like disk serial numbers, input device details, monitor configurations, clipboard content, and screenshots. This data can create a detailed behavioral and device fingerprint, making it a tool for targeted attacks and identity theft.

Diagram illustrating Shuyal malware's data extraction methodsDiagram illustrating Shuyal malware's data extraction methods

Researcher Vlad Pasca, who first documented Shuyal, noted that it also steals Discord tokens, which attackers can use to hijack social media accounts and launch phishing campaigns.