The Octalyn Forensic Toolkit, though disguised as an educational tool, is actually a stealthy credential stealer that preys on unsuspecting users. Shared openly on GitHub, it lures in low-skilled actors with a simple builder that creates custom data-stealing payloads using just a Telegram bot token and chat ID. Once deployed, the malware silently steals sensitive information such as browser cookies, saved passwords, Discord tokens, crypto wallets, VPN configs, and more, organizing everything neatly into folders before zipping it up and sending it back to the attacker via Telegram. What makes Octalyn especially dangerous is how easy it is to use and how convincingly it hides behind a “forensic research” narrative, turning a lightweight GitHub tool into a powerful vehicle for data theft and system compromise.
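A defender's view of the Telegram exfiltration step described above, as an added example that is not from the advisory or from the Octalyn code: it scans proxy logs for Telegram Bot API calls and keeps the bot ID and chat ID for incident response while dropping the token secret. The log format (which assumes a TLS-inspecting proxy that records full URLs), the host and process names, and the token values are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (assumed format: time host process verb url bytes_out).
SAMPLE_LOG = """\
2025-01-01T10:00:01Z WS-014 chrome.exe GET https://web.telegram.org/k/ 512
2025-01-01T10:02:17Z WS-022 sample.exe POST https://api.telegram.org/bot1234567890:AAConstructedTokenForExample/sendDocument?chat_id=111222333 4821933
2025-01-01T10:04:09Z WS-014 chrome.exe GET https://example.com/bot/sendDocument 300
2025-01-01T10:07:02Z WS-031 sample.exe POST https://api.telegram.org/bot987654321:AAAnotherConstructedToken/sendMessage 310
"""

# Bot API calls use the path /bot<id>:<secret>/<method>.
BOT_PATH = re.compile(r"^/bot(\d+):[A-Za-z0-9_-]+/(\w+)$")
UPLOAD_METHODS = {"senddocument"}  # file upload, the call that would carry an archive


def find_bot_api_calls(log_text):
    """Return one finding per Bot API request, with the token secret dropped."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines
        ts, host, process, _verb, url, bytes_out = parts
        target = urlsplit(url)
        if (target.hostname or "").lower() != "api.telegram.org":
            continue
        match = BOT_PATH.match(target.path)
        if not match:
            continue
        bot_id, api_method = match.groups()
        # chat_id is only visible here when it is sent in the query string
        chat_id = parse_qs(target.query).get("chat_id", [None])[0]
        findings.append({
            "time": ts, "host": host, "process": process,
            "bot_id": bot_id, "method": api_method, "chat_id": chat_id,
            "bytes_out": int(bytes_out),
            # Bot API method names are case-insensitive
            "severity": "high" if api_method.lower() in UPLOAD_METHODS else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in find_bot_api_calls(SAMPLE_LOG):
        print(finding)
```

Without TLS inspection the URL path is not visible, so the fallback signal is DNS or SNI for `api.telegram.org` from hosts that have no business reason to reach it.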