HANNIBAL Stealer: A Rebranded Threat Born from Sharp and TX Lineage
Released on 2025-04-26 at 10:16:16 AM
The Hannibal Stealer is a sophisticated information-stealing malware, rebranded from the Sharp and TX stealers. Developed in C#, it targets Chromium- and Gecko-based browsers, extracting sensitive data while bypassing Chrome Cookie V20 protection. It also targets cryptocurrency wallets, FTP clients, VPN credentials, and various system information. The malware includes a crypto clipper module and is controlled via a dedicated C2 panel. Sold on dark web forums, it employs geofencing, domain-matching, and comprehensive system profiling. The threat actor behind Hannibal Stealer has been linked to the previous iterations, which indicates minimal innovation beyond rebranding and updated communication methods. Active Telegram channels and control panels suggest ongoing operations and infrastructure maintenance.