: Monitors the system clipboard for cryptocurrency wallet addresses. When a victim copies an address for a transaction, the malware replaces it with the attacker’s wallet address to divert funds.

: Targets sensitive data from Chromium and Firefox-based browsers, including saved passwords, cookies, credit card details, and autofill data. It also harvests session tokens from Discord, Telegram, Steam, and VPN clients.

Stealerium is designed for extensive data harvesting through three primary modules: