Windows Malware Uses Pulsar RAT for Live Chats While Stealing Data – Hackread


Researchers at Point Wild have discovered a new Windows malware campaign that pairs the Pulsar RAT with Stealerv37. The payload runs in memory rather than from files on disk, steals passwords, cryptocurrency and gaming accounts, and lets the attackers interact with victims through a live chat window.

Cybersecurity researchers at the Lat61 Threat Intelligence Team at Point Wild have found a new type of Windows attack where the hackers actually talk back to their victims via a live chat window while they ransack their files. In research shared exclusively with Hackread.com, the team explained that this isn’t just a simple virus; it’s a full-scale digital break-in.

The ghost in the machine

According to Point Wild’s report, the attack starts with a small, hidden batch file, such as 0a1a98b5f9fc7c62.bat, dropped into the user’s profile under %APPDATA%\Microsoft, where a random-looking name blends in with legitimate application data.

Once it’s in, it doesn’t just sit there. It uses a living-off-the-land technique: the batch file hands off to trusted, built-in tools such as PowerShell, which load and run the real payload entirely in memory. Because the payload itself is never written to disk, scanners that only inspect files on the hard drive have nothing to examine, so basic antivirus products are likely to miss it.

Further probing revealed that the attackers use Donut, an open-source tool that converts executables into position-independent shellcode, to inject the payload into trusted, always-running processes such as explorer.exe. If the malware is stopped, a watchdog component simply restarts it a few seconds later. It can also disable Task Manager and suppress UAC prompts, removing the two things a user would normally reach for to investigate or stop it.

What are they after?

Researchers believe the main goal is outright theft. The attackers use two main pieces of kit: the Pulsar RAT and Stealerv37. The RAT gives them a view through the victim’s webcam and microphone, while the stealer goes after the victim’s digital life. It scans for cryptocurrency wallets and includes a clipper, which monitors the clipboard and silently replaces any payment address the victim copies with one controlled by the attacker.

It also steals saved passwords and session cookies from browsers such as Chrome and Edge, and harvests data from VPN clients like NordVPN, developer tools, and gaming accounts such as Steam and Roblox. The loot is compressed into an archive and exfiltrated through Discord and Telegram, services whose traffic blends in with ordinary use.
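Exfiltration over Discord and Telegram stands out in proxy logs only if you look for the bot and webhook endpoints specifically. The PowerShell below is an added example, not Point Wild’s tooling or anything taken from the malware: it scans constructed proxy log lines for POSTs to Discord webhook URLs (discord.com/api/webhooks/<id>/<token>) and Telegram Bot API upload calls (api.telegram.org/bot<token>/sendDocument and similar). The log format and the assumption that this campaign posts to exactly those paths are the author’s, not the article’s.

```powershell
# Added example: flag outbound uploads to Discord webhooks and Telegram bot endpoints.
# The log lines are constructed for this example; the URL shapes are the public
# Discord webhook and Telegram Bot API formats. That this campaign uses exactly
# these paths is an assumption.

$sampleLog = @'
2024-05-01T10:02:11Z src=10.0.0.12 method=POST url=https://discord.com/api/webhooks/112233445566778899/abcDEFghiJKLmnoPQRstuVWXyz bytes=2481920 ua=Mozilla/5.0
2024-05-01T10:02:14Z src=10.0.0.12 method=GET url=https://discord.com/app bytes=912 ua=Mozilla/5.0
2024-05-01T10:03:02Z src=10.0.0.12 method=POST url=https://api.telegram.org/bot123456789:AAEXAMPLE-TOKEN/sendDocument bytes=1830400 ua=python-requests/2.31
2024-05-01T10:03:40Z src=10.0.0.33 method=GET url=https://api.telegram.org/bot987654321:AAEXAMPLE2/getMe bytes=220 ua=curl/8.0
'@

function Find-ExfilCandidates {
    param(
        [Parameter(Mandatory)][string[]]$Lines,
        # POST bodies above this size to a webhook or bot API are worth a closer look;
        # a zipped browser profile plus wallet files is easily this large.
        [int]$MinBytes = 100000
    )
    $patterns = @{
        'discord-webhook' = '(?i)https?://(?:[\w-]+\.)?discord(?:app)?\.com/api/webhooks/\d+/[\w-]+'
        'telegram-bot'    = '(?i)https?://api\.telegram\.org/bot\d+:[\w-]+/(sendDocument|sendMessage|sendPhoto)'
    }
    foreach ($line in $Lines) {
        # Pull method, URL and byte count out of the key=value log format used above.
        if ($line -notmatch 'method=(?<m>\w+)\s+url=(?<u>\S+)\s+bytes=(?<b>\d+)') { continue }
        $method = $Matches.m; $url = $Matches.u; $bytes = [int]$Matches.b
        foreach ($name in $patterns.Keys) {
            if ($url -match $patterns[$name]) {
                # A large POST to a webhook/bot upload method is the exfil shape; a GET is just context.
                $sev = if ($method -eq 'POST' -and $bytes -ge $MinBytes) { 'HIGH' } else { 'INFO' }
                [pscustomobject]@{ Severity = $sev; Channel = $name; Method = $method; Bytes = $bytes; Url = $url }
            }
        }
    }
}

Find-ExfilCandidates -Lines ($sampleLog -split "`n") | Format-Table -AutoSize
```

Against the sample input this reports the two large POSTs as HIGH and the Telegram getMe call as INFO; the ordinary discord.com/app request is not matched at all. Adapt the regex on the `-notmatch` line to your own proxy or firewall log format before running it on real data.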

Attack chain (Source: Point Wild)

As Dr Zulfikar Ramzan, the head of the Lat61 team, revealed to Hackread.com, “this isn’t just malware running in the background,” as his team saw live attackers chatting with victims while silently deploying more payloads in the background. It’s certainly a reminder that today’s cybercrime is a dynamic operation rather than just a static infection.

To stay safe, regularly review what launches at sign-in (the Startup folder and the Run registry keys), and treat random-looking program names or entries that launch PowerShell or a .bat file as suspicious. Be wary if Task Manager will not open or Windows stops showing security permission prompts, since this malware disables both. Use two-factor authentication on your accounts so that stolen passwords and cookies alone are not enough for the attackers to get in.
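The indicators the article describes (a random-named .bat under %APPDATA%\Microsoft, a PowerShell-based loader that persists through startup, and disabled Task Manager and UAC prompts) can all be checked from one elevated PowerShell session. The script below is an added example written for this page, not Point Wild’s tooling. The registry values it reads are the standard Windows policy settings for Task Manager (DisableTaskMgr) and UAC (EnableLUA, ConsentPromptBehaviorAdmin); that this campaign sets exactly those values, and that the loader’s command line looks like a typical encoded or hidden PowerShell launch, are assumptions.

```powershell
# Added example: triage a Windows host for the indicators described in the article.
# Run as Administrator. Registry keys below are the standard Windows policy locations;
# that this campaign uses them is an assumption, as is the loader command-line shape.

$findings = @()

# 1. Batch scripts under %APPDATA%\Microsoft with a 16-hex-character name
#    (the article's example is 0a1a98b5f9fc7c62.bat).
$appdataMs = Join-Path $env:APPDATA 'Microsoft'
Get-ChildItem -Path $appdataMs -Filter '*.bat' -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.BaseName -match '^[0-9a-f]{16}$' } |
    ForEach-Object { $findings += "Suspicious batch file: $($_.FullName)" }

# 2. Startup entries (Run/RunOnce keys and the Startup folder) that launch
#    PowerShell, a batch file, or use the usual hidden/encoded loader switches.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $providerProps) { continue }   # skip provider metadata, not real values
        $cmd = [string]$p.Value
        if ($cmd -match '(?i)powershell|pwsh|\.bat\b|-enc|windowstyle\s+hidden|bypass') {
            $findings += "Startup entry ${key}\$($p.Name): $cmd"
        }
    }
}
$startupDir = [Environment]::GetFolderPath('Startup')
Get-ChildItem -Path $startupDir -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.bat', '.cmd', '.vbs', '.ps1', '.lnk' } |
    ForEach-Object { $findings += "Startup folder item: $($_.FullName)" }

# 3. Task Manager disabled by policy for the current user.
$userPolicy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$dtm = (Get-ItemProperty -Path $userPolicy -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
if ($dtm -eq 1) { $findings += 'Task Manager is disabled by policy (DisableTaskMgr=1)' }

# 4. UAC turned off, or administrators elevated silently without a prompt.
$sysPolicy = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $sysPolicy -ErrorAction SilentlyContinue
if ($uac.EnableLUA -eq 0) { $findings += 'UAC is turned off (EnableLUA=0)' }
if ($uac.ConsentPromptBehaviorAdmin -eq 0) { $findings += 'UAC elevates admins without prompting (ConsentPromptBehaviorAdmin=0)' }

# 5. Running PowerShell processes with an encoded or hidden command line,
#    the typical shape of an in-memory loader that never writes its payload to disk.
Get-CimInstance Win32_Process -Filter "Name = 'powershell.exe' OR Name = 'pwsh.exe'" |
    Where-Object { $_.CommandLine -match '(?i)-enc|windowstyle\s+hidden|bypass|downloadstring|iex' } |
    ForEach-Object { $findings += "Suspicious PowerShell process PID $($_.ProcessId): $($_.CommandLine)" }

if ($findings.Count -eq 0) {
    Write-Host 'No indicators from this campaign found.'
} else {
    $findings | ForEach-Object { Write-Host "[!] $_" }
}
```

A hit on any of these is a reason to isolate the machine and pull a memory image before rebooting, since the article’s whole point is that the payload lives in memory and a reboot destroys the evidence; the watchdog will bring it back, but not in a state you can attribute.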
