Malware Family

Phemedrone Stealer

Also known as: Phemedrone

Phemedrone is an open-source-derived infostealer that targets browsers, cryptocurrency wallets, messaging apps, and password managers. It drew attention for being distributed via a Windows SmartScreen bypass vulnerability exploited in the wild.

What is Phemedrone Stealer?

Phemedrone is a C#/.NET infostealer that harvests data from browsers, crypto wallets, Discord, Telegram, and other applications. Its source has circulated openly, lowering the barrier for others to adopt and modify it.

Notable delivery technique

Phemedrone campaigns were observed exploiting a Windows SmartScreen bypass to execute without the usual security warning, demonstrating how stealers pair with fresh vulnerabilities to improve infection rates.

How VantaPrism Tracks Phemedrone Stealer

VantaPrism monitors actively distributed families like Phemedrone, so exposures tied to newer delivery techniques are surfaced promptly.

Frequently Asked Questions

What made Phemedrone notable?

It was distributed using a Windows SmartScreen bypass vulnerability, letting it run without the usual security prompt.

Last reviewed: June 2026