HOMETHREATSColdStealer
MALWARE FAMILY

ColdStealer

Internal ID: win.coldstealer
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

ColdStealer is a relatively new malicious program that was discovered in 2022. Like many other stealers its main purpose is to steal credentials and information from web browsers, in addition to stealing cryptocurrency wallets, FTP credentials, various files and information about the system such as OS version, system language, processor type and clipboard data. When the infostealer collects information that will be stolen, it saves the information in the ZIP form instead of files in the memory. Doing so will allow the malware to bypass detection as there are no traces of files and execution. The only known method of delivering stolen information to cybercriminals is by sending a ZIP archive to the hardcoded command and control (C2) server.

Threat Analysis

ColdStealer is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.

External References

Quick Facts

TypeMalware Family
Aliases1

Also Known As

win.coldstealer

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
ColdStealer — Malware Family | Threat Intelligence | CTIWATCH.COM