Poulight stealer is a new infostealer on the cybercrime market with broad capabilities for stealing sensitive information. The infection begins with anti-VM checks and a check that the host has not already been infected. If all checks pass, the stealing behavior starts. First, information about the hardware, installed software, and running processes is gathered. Then a clipper module is started. Next, data is stolen from applications such as FileZilla, Discord, Telegram, and more. Desktop and webcam snapshots are also taken. Lastly, sensitive documents are identified based on specific file extensions and keywords. All of the collected data is stored in a custom data structure and sent to the malware’s C2. After the C2 server receives this data, additional components are downloaded and executed on the victim host.
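One process reading the data of several unrelated applications in quick succession, as in the collection stage described above, is a usable detection signal. The following is an added example, not code from the original page or from any vendor tooling: it flags a process that reads two or more of the FileZilla, Discord and Telegram data stores within a short window without being the owning application. The event tuple format, the default `%APPDATA%` locations and every sample event are assumptions constructed for illustration.

```python
import ntpath
from collections import defaultdict
from datetime import datetime

# Default per-user data directories (assumed defaults, not taken from the article).
STORES = {
    "FileZilla": r"\appdata\roaming\filezilla",
    "Discord": r"\appdata\roaming\discord\local storage\leveldb",
    "Telegram": r"\appdata\roaming\telegram desktop\tdata",
}
# Processes expected to read their own store; any other reader is "foreign".
OWNERS = {"FileZilla": "filezilla.exe", "Discord": "discord.exe", "Telegram": "telegram.exe"}

def classify(target):
    """Return the application whose data store contains this file path, if any."""
    return next((app for app, m in STORES.items() if m + "\\" in target.lower()), None)

def find_multi_store_readers(events, window_s=60, min_stores=2):
    """Flag processes reading >= min_stores foreign stores inside a sliding window_s-second window."""
    hits = defaultdict(list)
    for ts, pid, image, target in events:
        app = classify(target)
        if app and ntpath.basename(image).lower() != OWNERS[app]:
            hits[(pid, image)].append((datetime.fromisoformat(ts), app))
    alerts = []
    for (pid, image), seen in sorted(hits.items()):
        seen.sort()
        best, start = set(), 0
        for end in range(len(seen)):
            while (seen[end][0] - seen[start][0]).total_seconds() > window_s:
                start += 1
            apps = {app for _, app in seen[start:end + 1]}
            if len(apps) > len(best):
                best = apps
        if len(best) >= min_stores:
            alerts.append((pid, image, sorted(best)))
    return alerts

# Constructed sample events: (timestamp, pid, process image, file read).
ROAMING = r"C:\Users\alice\AppData\Roaming"
TEMP_EXE = r"C:\Users\alice\AppData\Local\Temp\update.exe"
SAMPLE_EVENTS = [
    ("2020-05-01T10:00:00", 4120, r"C:\Program Files\FileZilla FTP Client\filezilla.exe", ROAMING + r"\FileZilla\recentservers.xml"),
    ("2020-05-01T10:00:05", 7788, TEMP_EXE, ROAMING + r"\FileZilla\recentservers.xml"),
    ("2020-05-01T10:00:06", 7788, TEMP_EXE, ROAMING + r"\discord\Local Storage\leveldb\000005.ldb"),
    ("2020-05-01T10:00:08", 7788, TEMP_EXE, ROAMING + r"\Telegram Desktop\tdata\key_datas"),
    ("2020-05-01T10:05:00", 5500, r"C:\Tools\backup.exe", ROAMING + r"\FileZilla\sitemanager.xml"),
    ("2020-05-01T11:30:00", 5500, r"C:\Tools\backup.exe", ROAMING + r"\discord\Local Storage\leveldb\000005.ldb"),
]
```

With the default 60-second window only the constructed `update.exe` process is flagged; the backup tool touches two stores more than an hour apart and is ignored unless the window is widened.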