Tarasande Client May 2026
Feature: Automated Task Management with Customizable Workflows
Example of a Detected Campaign (2023)
In one notable campaign, threat actors created a fake "Company Employee Benefits Survey" email. The attached .docm file, when opened, prompted the user to enable macros. Once enabled, it downloaded Tarasande Client from a legitimate-looking but compromised WordPress site. The malware then exfiltrated browser cookies to hijack active Microsoft 365 sessions, leading to BEC (Business Email Compromise) attacks on the victim’s organization.
Disclaimer: This article is for educational purposes only. The author does not endorse or distribute malware. Always consult a professional IT security expert for active infections.
Designed to be opened and run within Integrated Development Environments (IDEs) for active modification and testing.
Installation & Setup
For developers looking to use or contribute to the project:
Clone the Repository: git clone https://github.com/Sumandora/tarasande.git
Generate Source: On Windows, use the command gradlew :genSources
gradlew build to compile or gradlew :runClient to launch the client in a development environment.
Safety and Community
The project is hosted publicly on
Key Characteristics
| Attribute | Details |
|-----------|---------|
| Type | Infostealer / Password Stealer |
| First Seen | Late 2021 – Early 2022 |
| Primary Targets | Browser data, crypto wallets, email clients, FTP clients |
| Delivery Methods | Phishing emails, malvertising, fake software downloads |
| Persistence | Scheduled tasks, registry run keys |
| C2 Communication | HTTPS (often using Telegram API as exfiltration channel) |