Information-stealing Saintstealer malware does not only steal usernames, passwords, and credit card details but also exfiltrates various system data, The Hacker News reports. With anti-analysis checks, Saintstealer could self-terminate in virtual or sandboxed environments. Moreover, the infostealer could also send compressed stolen screenshots, credentials, browser-stored autofill data, and Discord multi-factor authentication tokens to a Telegram channel, as well as deliver stolen data-related metadata to a remote command-and-control server, a Cyble report revealed. Researchers also found the association between the C2 domain's IP address and various stealers, such as QuasarRAT, Nixscare stealer, BloodyStealer, EchelonStealer, and Predator stealer. "Information stealers can be harmful to individuals as well as large organizations. If even unsophisticated stealers like Saintstealer gain infrastructural access, it could have devastating effects on the cyberinfrastructure of the targeted organization," said researchers. The findings come after Cyble researchers reported on the Prynt Stealer malware last month, with the infostealer found to leverage a clipper module to enable financial theft and keylogging.