T1555
Credentials from Password Stores
discovered 2026-06-17Rust infostealer reads 30+ crypto wallet stores (MetaMask, Phantom, Trust Wallet, Solflare, Keplr, Ledger, Trezor, ...) and browser password stores (Chrome/Brave/Firefox/Edge passwords, cookies, history, autofill, cards), plus Discord tokens and Telegram session data (Amazon Inspector).