Gavnosource.rar May 2026

The malware communicates with a remote server using encrypted HTTP POST requests. It sends a compressed .zip or .7z file containing the stolen data to the attacker’s C2 infrastructure.

Scans for browser extensions and desktop files related to MetaMask, Binance, Phantom, and Atomic Wallet.

Modifications to Software\Microsoft\Windows\CurrentVersion\Run to ensure the stealer runs on reboot.

Remediation Steps

If you have executed this file:

Immediately disconnect from the internet.