Mercurial Grabber.exe Site

The stolen data is bundled and sent via an HTTP POST request to the attacker's Discord webhook.

Risk Mitigation

If you suspect an infection:

Mercurial Grabber is designed for "smash-and-grab" operations, focusing on the following targets:

Extracts stored passwords, cookies, and autofill data from popular browsers like Google Chrome, Opera, Brave, and Yandex.

Use reputable tools like Malwarebytes or Windows Defender to locate and remove the executable and its registry entries.

Prioritize Discord, email, and gaming accounts. Even if you have 2FA enabled, your session tokens might still be at risk until you log out of all sessions.

Below is a technical breakdown of its typical behavior, delivery, and impact.

Malware Type: Infostealer / Credential Grabber.

Includes basic anti-debugging and anti-VM (Virtual Machine) checks to detect if it is being run by a security researcher in a sandbox.

Delivery Methods