- What: REMUS infostealer evolves into a malware-as-a-service platform
- Impact: Cybercriminals can now easily deploy sophisticated data theft tools
REMUS infostealer evolves into sophisticated malware-as-a-service platform

May 18, 2026
By SC Staff

Per Bleeping Computer, a new infostealer malware known as REMUS has emerged, with security researchers from Flare analyzing its underground operation and rapid evolution into a sophisticated malware-as-a-service (MaaS) platform. Flare's analysis of 128 posts between February and May 2026 reveals REMUS's aggressive development cycle, mirroring structured software businesses.

Initially focused on browser credential theft and basic log management, the operation rapidly expanded to include session theft, password manager targeting, and operational scalability. Updates introduced features like restore-token functionality, improved Telegram delivery, and enhanced operational visibility, shifting REMUS from a simple malware executable to a comprehensive platform.

The malware exhibits technical similarities to Lumma Stealer, but its underground activity highlights a strong commercialization focus, emphasizing usability, 24/7 support, and high callback rates. By April 2026, REMUS incorporated support for password managers like 1Password and LastPass, and IndexedDB storage, indicating a move towards concentrated credential stores.

This evolution signifies a broader trend in cybercrime, where MaaS operations prioritize continuous development, customer support, and long-term monetization through authenticated session theft and persistent access.

Source: Bleeping Computer