
Mercurial Grabber.exe

Extracts stored passwords, cookies, and autofill data from popular browsers like Google Chrome, Opera, Brave, and Yandex.

Attackers rarely name the file "Mercurial Grabber.exe" when sending it to victims. Instead, they disguise it as:

The stolen data is bundled and sent via an HTTP POST request to the attacker's Discord webhook.

Risk Mitigation

If you suspect an infection:

Collects machine info, including Windows product keys, IP addresses, hardware specs, and desktop screenshots.
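
One way to hunt for the Discord webhook POST described above in proxy or EDR network logs. This is an added example, not part of the original page; the log layout, process names and allow-list are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Discord webhook endpoint: /api/webhooks/<id>/<token>, optionally versioned (/api/v10/...)
WEBHOOK_PATH = re.compile(r"^/api/(?:v\d+/)?webhooks/(\d+)/[\w-]+", re.ASCII)
DISCORD_HOSTS = {"discord.com", "discordapp.com"}
# Assumption: processes in this environment that legitimately post to webhooks.
ALLOWED_PROCESSES = {"ci-notifier.exe"}
# Assumed log layout (hypothetical proxy/EDR export), one request per line.
LINE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) "
    r"(?P<method>[A-Z]+) (?P<url>\S+) bytes_out=(?P<bytes>\d+)$"
)

def is_discord_host(hostname):
    # Match the apex domains and real subdomains (ptb., canary.), not look-alikes.
    hostname = (hostname or "").lower().rstrip(".")
    return any(hostname == d or hostname.endswith("." + d) for d in DISCORD_HOSTS)

def find_webhook_posts(lines):
    alerts = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m or m["method"] != "POST":
            continue
        url = urlsplit(m["url"])
        hit = WEBHOOK_PATH.match(url.path)
        if not (is_discord_host(url.hostname) and hit):
            continue
        if m["proc"].lower() in ALLOWED_PROCESSES:
            continue
        alerts.append({
            "time": m["ts"], "host": m["host"], "process": m["proc"],
            "webhook_id": hit.group(1),  # the secret token is not copied into alerts
            "bytes_out": int(m["bytes"]),
        })
    return alerts

# Constructed sample lines; IDs and tokens are placeholders.
SAMPLE_LOG = [
    "2024-05-02T09:14:07Z host=WS-014 proc=unsigned_app.exe POST https://discord.com/api/webhooks/100000000000000001/EXAMPLE-TOKEN bytes_out=483112",
    "2024-05-02T09:15:40Z host=BUILD-01 proc=ci-notifier.exe POST https://discord.com/api/webhooks/100000000000000002/EXAMPLE-TOKEN bytes_out=612",
    "2024-05-02T09:16:02Z host=WS-020 proc=chrome.exe GET https://discord.com/channels/@me bytes_out=0",
    "2024-05-02T09:17:55Z host=WS-031 proc=setup_helper.exe POST https://canary.discordapp.com/api/v10/webhooks/100000000000000003/EXAMPLE-TOKEN bytes_out=91022",
    "2024-05-02T09:18:10Z host=WS-020 proc=chrome.exe POST https://notdiscord.com/api/webhooks/1/x bytes_out=10",
]

if __name__ == "__main__":
    print(*find_webhook_posts(SAMPLE_LOG), sep="\n")
```

Without TLS inspection the proxy sees only the hostname, not the `/api/webhooks/` path, so the URL match needs endpoint telemetry or a decrypting proxy.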