WinSCP/PuTTY session stealers (commodity infostealers)

Attributions are based on open-source threat reports. A family appearing here means at least one syscall record cites it; absence does not imply non-use.