Articles about infostealers

Advanced phishing kits and info-stealing malware have accounted for a 156 percent jump in cyberattacks targeting user logins.

A new report from cybersecurity company eSentire shows attackers are increasingly opting for obtaining login credentials and session cookies via phishing or malware. This then allows them to carry out Business Email Compromise (BEC) attacks, gain access to bank accounts, or steal cryptocurrency.

Continue reading →

Analysis of almost 93,000 threats detected within more than 308 petabytes of security telemetry by Red Canary shows infostealer malware infections on the rise across both Windows and macOS platforms.

Used to gather identity information and other data at scale, in 2024 LummaC2 was the most prevalent stealer detected in 2024, operating under a malware-as-a-service model, and selling for anywhere from $250 per month to a one-time payment of $20,000.

Continue reading →

Social media has seen a 335 percent boom in new scams using deepfake videos and company-branded posts to lure victims into fraudulent investment schemes.

The latest threat report from ESET tracks these as HTML/Nomani, the countries with the most detections being Japan, Slovakia, Canada, Spain, and Czechia.

Continue reading →

The latest threat detection data from Red Canary shows that Atomic Stealer -- an infostealer that targets credentials, payment card data, keychain details, and cryptocurrency wallet information on macOS devices -- has entered the top 10 threats.

Other notable appearances include Scarlet Goldfinch -- an 'activity cluster' that uses fake browser updates to trick users into downloading a legitimate remote management and monitoring tool that can be abused to deploy malicious software -- and ChromeLoader -- a malicious browser extension that reads and hijacks browser traffic to redirect it to specific sites, likely to conduct pay-per-click advertising fraud.

Continue reading →

A new report from SpyCloud finds that Ransomware is seen as the biggest cybersecurity threat across every industry, with 75 percent of organizations affected by ransomware more than once in the past 12 months -- a jump from 61 percent in 2023.

Based on a survey of 510 individuals in active cybersecurity roles within organizations in the US and the UK with at least 500 employees, the report shows some industries are more at risk than others, with insurance firms 6.3x more likely to experience a ransomware attack and healthcare 2.1x more likely.

Continue reading →

A rise in identity-based attacks can be laid at the door of a rapid increase in malware, according to a new report. Analysis by SpyCloud finds that 61 percent of data breaches in 2023, involving over 343 million stolen credentials, were infostealer malware-related.

Researchers also report that the average identity had a one in five chance of already being the victim of an infostealer infection. Infostealer malware enables criminals to collect vast amounts of information about the user and the device, including a user's session cookies, API keys and webhooks, crypto wallet addresses, and more.

Continue reading →

A new report from SpyCloud shows that while 79 percent of organizations say they are confident in their ransomware defenses, 81 percent were affected at least once in the past 12 months.

The study also shows that infostealer infections preceded 22 percent of ransomware events for North American and European ransomware victim companies in 2023. 76 percent of infections that preceded these ransomware events involved the Raccoon infostealer malware.

Continue reading →

A new report from the Secureworks Counter Threat Unit (CTU) uncovers a thriving market in infostealer logs that serves as a key enabler for some of the most damaging forms of cybercrime such as ransomware attacks.

On the 'Russian Market' site alone, the number of logs for sale increased by 150 percent in less than nine months, from two million on a single day in June 2022 to over five million on a single day in late February 2023.

Continue reading →