Signals

Monitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real timeMonitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real time

DRAGONS COMMUNITY

Your trusted source for cybersecurity, technology, and AI insights

Platform

News
AI
Vulnerabilities
CVE Database
Threat Intelligence
Ransomware
Resources

Product

Pricing
Enterprise
Dashboard
API
Advertise

Company

About
Careers
Contact
Newsletter

Legal

Privacy Policy
Terms of Service
Cookie Policy

Made with by Dragons Community for the cybersecurity community

support@dragons.community● All Systems Operational

NeonStealer campaign targeting e-commerce payment flows — Dragons Community | Dragons Community

← Threat Intelligence

Malware ActivityTLP:GREENHighConfidence: Medium

NeonStealer campaign targeting e-commerce payment flows

Published May 24, 2026 · open source

Summary

Phishing kits deploying NeonStealer have increased in volume. The stealer harvests browser credentials and payment data from e-commerce sessions.

Safety Note

Fictional malware campaign. No real stolen data, phishing kit URLs or credential samples included.

Approved Safev1.0.0

Related Threat Actors

NeonMarket Crew

cybercrime · Southeast Asia (assessed)

Related Campaigns

Operation CardSwarm

active · E-Commerce, Retail, Financial Services

Related Malware

NeonStealer

stealer · NeonStealer, NS-Grab

MITRE ATT&CK Techniques

T1566.002 — Spearphishing Link

Initial Access

Implement URL filtering and reputation checking. Enable browser isolation for untrusted links. Train users on URL verification.

Related IOCs

attacker@phishing-neon.example.com

Email · Active

phishing-neon.example.com

Domain · Active

https://phishing-neon.example.com/login/checkout

URL · Inactive