A sophisticated threat campaign has emerged, marked by the pairing of LeakyInjector and LeakyStealer, two newly discovered malware strains targeting users to siphon cryptocurrency assets and browser history.
A Hybrid Analysis deep dive exposes the technical prowess and operational coordination behind these threats, signaling a dangerous escalation in cybercriminal ambition during October 2025.
Two-Stage Attack: Precision and Stealth
The infection cycle begins with LeakyInjector, a 64-bit Windows executable ingeniously signed with a valid Extended Validation (EV) digital certificate.
This veneer of legitimacy helps it evade security scrutiny, while its large file size, padded with null bytes, further hinders detection.
Upon execution, LeakyInjector searches for the explorer.exe process and deploys low-level Windows APIs to inject an encrypted payload, LeakyStealer, into memory.
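Two of the evasion traits described above, a large file padded with null bytes and a file that carries an Authenticode signature, can be triaged cheaply from the PE header alone. The following is an added defender-side example, not code from Hybrid Analysis or the malware; the sample PE it builds is constructed in place, and the size and padding thresholds are assumptions to tune for your own environment.

```python
import struct

SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode blob


def trailing_null_padding(data: bytes) -> int:
    """Number of null bytes appended after the last non-null byte."""
    return len(data) - len(data.rstrip(b"\0"))


def authenticode_directory(data: bytes):
    """Return (offset, size) of the Security data directory, or None.
    This only shows a signature blob is referenced; it does not verify it."""
    try:
        if len(data) < 0x40 or data[:2] != b"MZ":
            return None
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        opt_off = e_lfanew + 4 + 20  # past PE signature and COFF header
        magic = struct.unpack_from("<H", data, opt_off)[0]
        pe32plus = magic == 0x20B
        num_dirs = struct.unpack_from("<I", data, opt_off + (108 if pe32plus else 92))[0]
        if num_dirs <= SECURITY_DIR_INDEX:
            return None
        dirs_off = opt_off + (112 if pe32plus else 96)
        off, size = struct.unpack_from("<II", data, dirs_off + SECURITY_DIR_INDEX * 8)
        return (off, size) if size else None
    except struct.error:
        return None


def triage(data: bytes, min_size: int = 5 * 1024 * 1024, min_pad_ratio: float = 0.5) -> dict:
    """Flag files that are both large and mostly trailing null padding (assumed thresholds)."""
    pad = trailing_null_padding(data)
    padded = len(data) >= min_size and pad / len(data) >= min_pad_ratio
    signed = authenticode_directory(data) is not None
    return {"size": len(data), "trailing_null_bytes": pad,
            "signature_referenced": signed, "suspicious_padding": padded,
            "review": padded and signed}  # signed AND padded: worth a manual look


def build_sample_pe(signed: bool, padding: int) -> bytes:
    """Constructed minimal PE32+ header for testing; not a real binary."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)   # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)    # NumberOfRvaAndSizes
    if signed:  # placeholder offset/size for the security directory
        struct.pack_into("<II", opt, 112 + SECURITY_DIR_INDEX * 8, 0x1000, 0x800)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + b"SECTIONDATA" + b"\0" * padding
```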
This…