Security Articles

From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers

Released on 2026-01-20 @ 08:41:07 AM

The Evelyn Stealer campaign targets software developers through weaponized Visual Studio Code extensions, employing a multistage delivery of information-stealing malware. The attack chain involves a downloader disguised as a legitimate Lightshot DLL, an injector that uses process hollowing to inject the final payload, and the Evelyn Stealer itself. The malware implements sophisticated anti-analysis techniques, collects sensitive information including browser credentials and cryptocurrency data, and exfiltrates the stolen data via FTP. This campaign highlights the increasing threat to developer communities and the need for enhanced security measures in development environments.