Octalyn Stealer Unmasked
The Octalyn Forensic Toolkit, publicly hosted on GitHub, presents itself as a research-oriented tool for digital forensics and red teaming. It consists of a C++-based payload module supported by a Delphi-based builder interface, which simplifies payload generation and allows even low-skilled actors to produce fully functional binaries with minimal effort. The builder requires only a Telegram bot token and chat ID to configure a payload capable of real-time data exfiltration via Telegram.
Despite its claimed educational intent, the toolkit functions as a full-fledged credential stealer. It extracts browser data (passwords, cookies, autofill), Discord and Telegram tokens, VPN configurations, gaming account data, and cryptocurrency wallet artifacts. Once executed, the payload runs stealthily, establishes persistence, and organizes stolen data into structured folders for efficient exfiltration.
Given its ease of use, modular design, and active Telegram-based exfiltration capability, Octalyn poses a significant abuse risk if misused in unauthorized environments. The combination of C++ and Delphi allows the malware to remain lightweight, evasive, and accessible to a wide range of threat actors.
To read the complete article see: