Mercurial — Grabber.exe

Extracts stored passwords, cookies, and autofill data from popular browsers like Google Chrome, Opera, Brave, and Yandex .

Written in C# (C Sharp) using the .NET framework, making it relatively easy to reverse-engineer if it isn't obfuscated. Mercurial Grabber.exe

The file is the compiled output of an open-source information stealer (infostealer) originally published on GitHub in 2021. While its creators claimed it was for "educational purposes," it has been widely adopted by threat actors to steal personal data from gamers and casual web users. Extracts stored passwords, cookies, and autofill data from

Attackers rarely name the file "Mercurial Grabber.exe" when sending it to victims. Instead, they disguise it as: Extracts stored passwords