T1555

Credentials from Password Stores

discovered 2026-06-17

Rust infostealer reads 30+ crypto wallet stores (MetaMask, Phantom, Trust Wallet, Solflare, Keplr, Ledger, Trezor, ...) and browser password stores (Chrome/Brave/Firefox/Edge passwords, cookies, history, autofill, cards), plus Discord tokens and Telegram session data (Amazon Inspector).

View on MITRE ATT&CK

Seen in packages

Campaigns