Kandji Blog

Potential Stealer: Purrglar in Progress

Unlike traditional viruses or ransomware, stealers are designed with a singular purpose: to quietly infiltrate systems and exfiltrate sensitive data—often without the victim even realizing it. These malicious programs are highly focused on gathering personal information, usually to be sold or used for further criminal activity. Kandji's Threat Research team discovered another potential stealer named kitty that was uploaded to VirusTotal on 1/10/2025. This stealer, which we're calling Purrglar, focuses primarily on capturing Chrome and Exodus wallet-related files. What is most interesting is the use of the Security Framework APIs to query the macOS Keychain. It is unclear if this application is currently in a development phase since localhost is used as the destination for the captured and uploaded files…