Also known as: Döenerium, DedSec Stealer
Category: Malware
Type: Information stealer
Platform: Windows
Variants: -
Damage potential: Stolen credentials, stolen cryptocurrency, sensitive data leakage, financial loss.
Overview
Doenerium is information-stealing malware that has been active since 2022. It’s an affordable and easy-to-use stealer as a service that can be purchased or rented in underground online forums. Even less-skilled cybercriminals can adapt this malware to their schemes. Doenerium can spread through various mediums, including phishing emails, malicious links, and attachments. It can also act as a trojan bundled with legitimate software.
Doenerium often steals sensitive data from web browsers, cookies, and crypto wallets. It can also exfiltrate stolen data from the Discord messaging platform through a webhook, which allows real-time data sharing between applications. Using Doenerium, cybercriminals can unlock the target’s accounts to make transactions or run more elaborate multi-stage attacks.
Possible symptoms
Doenerium is stealthy malware designed to remain unnoticed for as long as possible. Regardless, you can catch Doenerium at work if:
- Your network activity has unexpectedly increased.
- Applications you use start behaving unpredictably, for instance, freezing or suddenly slowing down.
- The autofill data on your browser is altered or missing.
- You notice some unauthorized transactions from your crypto wallet.
- You experience trouble logging in to your accounts even if your credentials are correct.
- Security solutions on your device notify you of suspicious network activity or attempts to access your browser data, cookies, or autofill data.
Sources of the infection
Like most other types of malware, Doenerium spreads through infected email attachments, malicious links and ads, pirated software, fake websites, and drive-by downloads.
Protection
You can protect yourself from Doenerium and similar threats by being cautious online:
- Don’t open files or links in suspicious emails, especially from unknown senders.
- Only download software from official websites.
- Block Discord webhooks since Doenerium often uses them to exfiltrate data.
- Limit user privileges to stop malware from escalating its reach.
- Scan downloaded files for malware and hide harmful ads with NordVPN’s Threat Protection Pro™.
- Make sure your operating system and all software are updated.
- Enable multi-factor authentication (MFA) to prevent cybercriminals from accessing your accounts, even if they have stolen your passwords.
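Before blocking Discord webhooks, it helps to see which hosts are already posting to them. The following is an added example, not part of the original entry: it scans web proxy logs for POST requests to Discord webhook endpoints and totals them per client. It assumes a TLS-inspecting proxy that records full URLs; the log format and sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines; the format (timestamp, client IP, method, URL,
# status, bytes sent) is an assumption, not a real product's log schema.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.12 GET https://discord.com/channels/@me 200 512
2024-05-01T10:00:05Z 10.0.0.12 POST https://discord.com/api/webhooks/111111111111111111/EXAMPLE-TOKEN-aaaa 204 48211
2024-05-01T10:00:09Z 10.0.0.31 POST https://canary.discordapp.com/api/v10/webhooks/222222222222222222/EXAMPLE-TOKEN-bbbb?wait=true 200 1033
2024-05-01T10:00:11Z 10.0.0.40 POST https://example.com/api/webhooks/333/not-discord 200 90
2024-05-01T10:00:15Z 10.0.0.12 POST https://DISCORD.COM/api/webhooks/111111111111111111/EXAMPLE-TOKEN-aaaa 204 90512
"""

# Webhooks are served from discord.com and the legacy discordapp.com,
# including one-label subdomains such as ptb. and canary.
DISCORD_HOST = re.compile(r"^(?:[a-z0-9-]+\.)?(?:discord\.com|discordapp\.com)$")
# Path shape: /api/webhooks/<id>/<token>, optionally versioned (/api/v10/...).
WEBHOOK_PATH = re.compile(r"^/api/(?:v\d+/)?webhooks/(\d+)/[^/]+")

def parse_line(line):
    """Split one log line into fields; return None if it is malformed."""
    parts = line.split()
    if len(parts) != 6 or not parts[5].isdigit():
        return None
    return {"client": parts[1], "method": parts[2],
            "url": parts[3], "bytes": int(parts[5])}

def find_webhook_posts(log_text):
    """Return {client_ip: {"requests", "bytes", "webhook_ids"}} for webhook POSTs."""
    hits = defaultdict(lambda: {"requests": 0, "bytes": 0, "webhook_ids": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        url = urlsplit(rec["url"])
        host = url.hostname or ""          # urlsplit lowercases the hostname
        match = WEBHOOK_PATH.match(url.path)
        if DISCORD_HOST.match(host) and match:
            entry = hits[rec["client"]]
            entry["requests"] += 1
            entry["bytes"] += rec["bytes"]
            # Keep only the webhook ID; the token is a secret and is not stored.
            entry["webhook_ids"].add(match.group(1))
    return dict(hits)

if __name__ == "__main__":
    for client, info in sorted(find_webhook_posts(SAMPLE_LOG).items()):
        print(client, info["requests"], info["bytes"], sorted(info["webhook_ids"]))
```

Clients with no business reason to post to Discord webhooks are the ones to investigate first; legitimate integrations can then be allow-listed by webhook ID before a block goes in.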
Removal
If you think Doenerium might have infected your device, use a reliable antivirus solution to detect and remove the threat:
- Run a full system scan.
- Follow the steps suggested by your antivirus software.
- Run a post-removal scan to ensure no traces are left.
- Reset passwords for all potentially compromised accounts.