APT / THREAT GROUP
Remus
2 aliases
Last seen: Apr 10, 2026
Intelligence Profile
According to Gen, this is most likely the 64-bit evolution of Lumma Stealer. It can steal stored browser passwords, cookies, cryptocurrency, and much more. It also uses EtherHiding to resolve C2s, replacing the traditional use of Steam and Telegram dead drop resolvers, and has additional anti-analysis checks.
Threat Analysis
Remus is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.
Intelligence Reports Mentioning Remus
Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS
The Hacker News · Jun 4, 2026
Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
BleepingComputer · May 15, 2026
External References
Quick Facts
Type: APT / Threat Group
Aliases: 2
Also Known As
Remus, win.remus
External Intelligence
Malpedia: win.remus
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.