Malware4 min read
Infostealer Campaign Abuses Bun Runtime to Evade Detection
NWHStealer spreads via fake gaming mods and TradingView scripts, using Bun JavaScript runtime and XOR-encrypted C2 to bypass security tools.
James RiveraMay 9, 2026
Nwhstealer
2 articles tagged with "Nwhstealer"
Malware4 min read
NWHStealer Spreads via Fake Proton VPN Sites and Gaming Mods
Multiple campaigns distribute NWHStealer infostealer through counterfeit Proton VPN installers, gaming modifications, and YouTube-promoted downloads. Targets browser data and 25+ crypto wallets.
James RiveraApr 16, 2026