It primarily targets passwords and session cookies stored in Chromium-based and Mozilla browsers.
Stolen login credentials allow criminals to take over corporate accounts or social media profiles.
Gomorrah Stealer first appeared around March 2020 and has evolved through several versions, including version 4.0 and more recently 5.1 and 5.5. It is designed to covertly infiltrate systems to harvest high-value personal and financial data.

Core Capabilities and Functions
It can steal session tokens from messaging apps such as Discord and Telegram, as well as email data from clients like Thunderbird.
It uses .NET-based code and Just-In-Time (JIT) compilation to evade static analysis and establishes persistence via Autorun registry entries to survive system reboots.

Distribution and Risks
Security experts at Broadcom/Symantec and PC Risk recommend using reputable antivirus software to scan and remove these threats. If infected, victims should immediately from a clean device and enable multi-factor authentication (MFA) across all accounts.
Its capabilities also include taking screenshots of the victim's desktop and gathering system information (PC name, OS version, and installed security software).
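The Autorun persistence mentioned above can be audited from saved `reg query` output of the Windows Run keys. The following is an added example, not code from the original page: the sample output is constructed, the entry names are hypothetical, and both the choice of the standard Run keys and the rule of flagging targets under user-writable directories are assumptions, since the page does not say which keys or paths this stealer uses.

```python
import re

# Assumed heuristic: autorun targets in user-writable locations deserve review,
# because legitimately installed software normally runs from Program Files or Windows.
MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\",
           "%appdata%", "%localappdata%", "%temp%")

# Constructed sample of `reg query <key>` output (not taken from a real host).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    WinSvcHelper    REG_SZ    C:\Users\alice\AppData\Roaming\svchelper.exe
    Notes    REG_EXPAND_SZ    %TEMP%\notes\n.exe -s

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
ENTRY = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def parse_run_keys(text):
    """Return (key, value_name, command) for every value under each listed key."""
    key, entries = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := ENTRY.match(line)):
            entries.append((key, m["name"], m["data"]))
    return entries

def executable_of(command):
    """Extract the program path from an autorun command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|bat|cmd|vbs|js|ps1|scr))\b", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]

def suspicious(entries):
    """Keep entries whose program path sits in a user-writable location."""
    hits = []
    for key, name, data in entries:
        exe = executable_of(data)
        if any(mark in exe.lower() for mark in MARKERS):
            hits.append((key, name, exe))
    return hits

if __name__ == "__main__":
    for key, name, exe in suspicious(parse_run_keys(SAMPLE)):
        print(f"REVIEW {key} :: {name} -> {exe}")
```

A flagged entry is a lead for review, not a verdict: some legitimate per-user applications also start from AppData.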