MirrorStealer

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[MirrorStealer](https://attack.mitre.org/software/S9022) is a credential stealer that has been used by [MirrorFace](https://attack.mitre.org/groups/G1054) since at least 2022 to steal credentials from various applications, including browsers and email clients. [MirrorStealer](https://attack.mitre.org/software/S9022) has been delivered directly into system memory via commands issued by [LODEINFO](https://attack.mitre.org/software/S9020).(Citation: ESET MirrorFace DEC 2022)

Associated Techniques (4)

ID	ATT&CK	Tactics
T1074.001	Local Data Staging	-
T1552.006	Group Policy Preferences	-
T1555	Credentials from Password Stores	-
T1555.003	Credentials from Web Browsers	-

Used by Actors (1)

MirrorFace
Unknown

Metadata

ID:	164193
Created:	28/04/2026 16:00
Updated:	01/05/2026 16:00