{"id":33920,"date":"2026-01-05T02:44:39","date_gmt":"2026-01-05T02:44:39","guid":{"rendered":"http:\/\/localhost\/?p=33920"},"modified":"2026-01-05T02:44:39","modified_gmt":"2026-01-05T02:44:39","slug":"new-vvs-stealer-malware-targets-discord-accounts-via-obfuscated-python-code","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=33920","title":{"rendered":"New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code_THN:8E4CE2BC32922B934D8418F6DBCC6CF6"},"content":{"rendered":"

{“lastseen”:”2026-01-05T07:49:28″,”description”:”![](data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)\\n\\nCybersecurity researchers have disclosed details of a new Python-based information stealer called **VVS Stealer** (also styled as VVS $tealer) that’s capable of harvesting Discord credentials and tokens.\\n\\nThe stealer is said to have been on sale on Telegram as far back as April 2025, according to a report from Palo Alto Networks Unit 42.\\n\\n\\”VVS stealer’s code is obfuscated by Pyarmor,\\” researchers Pranay Kumar Chhaparwal and Lee Wei Yeong said. \\”This tool is used to obfuscate Python scripts to hinder static analysis and signature-based detection. Pyarmor can be used for legitimate purposes and also leveraged to build stealthy malware.\\”\\n\\nAdvertised on Telegram as the \\”ultimate stealer,\\” it’s available for \u20ac10 ($11.69) for a weekly subscription. It can also be purchased at different pricing tiers: \u20ac20 ($23) for a month, \u20ac40 ($47) for three months, \u20ac90 ($105) for a year, and \u20ac199 ($232) for a lifetime license, making it one of the cheapest stealers for sale.\\n\\n![Cybersecurity](data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)\\n\\nAccording to a report published by Deep Code in late April 2025, the stealer is believed to be the work of a French-speaking threat actor, who is also active in stealer-related Telegram groups such as Myth St\u0435aler and \u0415\u0443es Ste\u0430l\u0435r GC.\\n\\nThe Pyarmor-protected VVS Stealer malware is distributed as a PyInstaller package. Once launched, the stealer sets up persistence by adding itself to the Windows Startup folder to ensure that it’s automatically launched following a system reboot.\\n\\n![](data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)\\n\\nIt also displays fake \\”Fatal Error\\” pop-up alerts that instruct users to restart their computers to resolve an error and steal a wide range of data -\\n\\n * Discord data (tokens and account information)\\n * Web browser data from Chromium and Firefox (cookies, history, passwords, and autofill information)\\n * Screenshots\\n\\n\\n\\nVVS Stealer is also designed to perform Discord injection attacks so as to hijack active sessions on the compromised device. To achieve this, it first terminates the Discord application, if it’s already running. Then, it downloads an obfuscated JavaScript payload from a remote server that’s responsible for monitoring network traffic via the Chrome DevTools Protocol (CDP).\\n\\n\\”Malware authors are increasingly leveraging advanced obfuscation techniques to evade detection by cybersecurity tools, making their malicious software harder to analyze and reverse-engineer,\\” the company said. \\”Because Python is easy for malware authors to use and the complex obfuscation used by this threat, the result is a highly effective and stealthy malware family.\\”\\n\\n![Cybersecurity](data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)\\n\\nThe disclosure comes as Hudson Rock detailed how threat actors are using information stealers to siphon administrative credentials from legitimate businesses and then leverage their infrastructure to distribute the malware via ClickFix-style campaigns, creating a self-perpetuating loop.\\n\\n\\”A significant percentage of domains hosting these campaigns are not malicious infrastructure set up by attackers, but legitimate businesses whose administrative credentials were stolen by the very infostealers they are now distributing,\\” the company said.\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2026-01-05T07:48:00″,”modified”:”2026-01-05T07:48:25″,”type”:”thn”,”title”:”New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code”,”source”:””,”references”:””,”id”:”THN:8E4CE2BC32922B934D8418F6DBCC6CF6″,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2026\/01\/new-vvs-stealer-malware-targets-discord.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-01-05T07:49:28″,”description”:”![](data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)\\n\\nCybersecurity researchers have disclosed details of a new Python-based information stealer called **VVS Stealer** (also styled as VVS $tealer) that’s capable of harvesting Discord credentials…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,11,43,5],"class_list":["post-33920","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\nNew VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code_THN:8E4CE2BC32922B934D8418F6DBCC6CF6 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=33920\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code_THN:8E4CE2BC32922B934D8418F6DBCC6CF6 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-01-05T07:49:28″,”description”:”![](data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)nnCybersecurity researchers have disclosed details of a new Python-based information stealer called **VVS Stealer** (also styled as VVS $tealer) that’s capable of harvesting Discord credentials...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=33920\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-05T02:44:39+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=33920#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=33920\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code_THN:8E4CE2BC32922B934D8418F6DBCC6CF6\",\"datePublished\":\"2026-01-05T02:44:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=33920\"},\"wordCount\":681,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"Security\",\"tapic\",\"thn\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=33920#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=33920\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=33920\",\"name\":\"New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code_THN:8E4CE2BC32922B934D8418F6DBCC6CF6 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-01-05T02:44:39+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=33920#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=33920\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=33920#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code_THN:8E4CE2BC32922B934D8418F6DBCC6CF6\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code_THN:8E4CE2BC32922B934D8418F6DBCC6CF6 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=33920","og_locale":"en_US","og_type":"article","og_title":"New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code_THN:8E4CE2BC32922B934D8418F6DBCC6CF6 - zero redgem","og_description":"{“lastseen”:”2026-01-05T07:49:28″,”description”:”![](data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)nnCybersecurity researchers have disclosed details of a new Python-based information stealer called **VVS Stealer** (also styled as VVS $tealer) that’s capable of harvesting Discord credentials...","og_url":"https:\/\/zero.redgem.net\/?p=33920","og_site_name":"zero redgem","article_published_time":"2026-01-05T02:44:39+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=33920#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=33920"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code_THN:8E4CE2BC32922B934D8418F6DBCC6CF6","datePublished":"2026-01-05T02:44:39+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=33920"},"wordCount":681,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","Security","tapic","thn","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=33920#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=33920","url":"https:\/\/zero.redgem.net\/?p=33920","name":"New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code_THN:8E4CE2BC32922B934D8418F6DBCC6CF6 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-01-05T02:44:39+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=33920#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=33920"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=33920#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code_THN:8E4CE2BC32922B934D8418F6DBCC6CF6"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/33920","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=33920"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/33920\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=33920"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=33920"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=33920"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}