In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques designed to frustrate detection.
June 16, 2026
A threat actor is targeting banks and other high-value organizations in a phishing campaign to deliver Phantom Stealer, a credential and session-stealing malware designed to evade conventional endpoint defenses.
What makes the campaign concerning, according to researchers at Fortra, is the adversary's use of heavily obfuscated, fileless techniques to complicate detection and enable the malware to execute largely in memory.
"The actor's primary objective is the silent theft of browser credentials, session cookies, and financial data, with exfiltration through four parallel channels (Telegram, Discord, FTP, SMTP) for redundancy," Fortra said in a report this week. "The combination of targeted phishing delivery, advanced evasion techniques, broad credential harvesting capabilities, and a resilient multi-channel exfiltration infrastructure places this threat in the high-severity category," the security vendor warned.