Another InfoStealer Discovered
WHITE | eric.ford | 2023-04-04 (modified 2023-05-04) | 12 IOCs | medium volume
On 29 March 2023, Cyble reported that they discovered a new InfoStealer titled Creal whose source code and builder are publicly accessible. Cyble observed the stealer being delivered via phishing websites; it collects login credentials and cookies from various browsers, with data exfiltration occurring via Discord or through various file hosting and sharing services. This threat is highly likely operating now, with a roughly even chance of targeting customers. Currently, the threat is reported as limited, but reporting of the public availability will likely cause the threat to become widespread. Customers will likely fit an adversary's interest, making the likelihood of compromise consistent with or higher than normal. ATI recommends that mitigative action occur within the normal business cycle, which includes blocking certain websites or attachment types (such as Telegram, Discord, .lnk, and .iso) if they are not necessary for business operations.
Indicators of Compromise (12)