1. Executive Summary

Chihuahua Stealer, a.NET-based information-stealing malware, emerged in April 2025, posing a significant threat through its targeted attacks on browser credentials and cryptocurrency wallet data. This malware, also identified under the alias “Pupkin Stealer” 2, exhibits characteristics that suggest links to a Russian-speaking developer known as “Ardent”. A peculiar trait is the embedding of transliterated Russian rap lyrics within its code, which are displayed on the console during execution, serving as a potential cultural signature of its author. The relatively swift identification of Chihuahua Stealer as Pupkin Stealer by different security vendors, such as G DATA and CyFirma 2, points towards a responsive, albeit sometimes fragmented, threat intelligence sharing ecosystem. This collaborative environment, where malware samples and signatures are disseminated, allows for quicker consolidation of knowledge and the development of defensive strategies, even if initial naming conventions differ.