An infostealer, or information stealer, is malware that infiltrates computers or devices to steal data. As its name implies, once installed, the stealer raids the device for all kinds of data: login credentials, session cookies, browser history, bank or credit card details, and other personally identifiable information (PII). Some infostealers can also take screenshots of your device.
Many infostealers also let cybercriminals take control of your device without you noticing, turning it into the zombie of a botnet. This lets cybercriminals use your device for activities such as:
- Distributed denial-of-service (DDoS) attacks, also known as "DDoSing".
- VPN-like services, where they redirect their web traffic through your device.
- Phone authentication schemes, where they intercept and use the access tokens and one-time passwords (OTPs) sent to your phone.
Infostealers are increasingly available on the dark web, with a new breed of cybercriminals focusing solely on their distribution, offering them as a service for as little as $12. This makes them a growing threat to organizations of all sizes. According to Secureworks, the volume of credentials stolen using infostealers and for sale on the dark web grew by 150 percent between June 2022 and February 2023.
Examples of infostealers include:
- Emotet, which is sent to victims as an email attachment and steals their bank account details.
- TrickBot, which steals financial information after sabotaging the victim’s anti-virus software.
How infostealers work
Infostealers can be installed on the victim’s computer or device in various ways, including:
- Phishing emails that trick the recipients into clicking malicious links or attachments. For example, during the global pandemic, TrickBot was spread by fake emails about COVID-19.
- Malicious websites that exploit browser vulnerabilities.
- Software vulnerabilities, particularly in outdated or unpatched software.
- Pirated software, where hackers let you download a cracked or patched version of a popular app or game and, in return, steal your data.
Once the malware has gained access to the computer or other device, it extracts the types of data it’s configured to steal.
The infostealer uploads the stolen information to a server. From there, an attacker can sell it on the dark web – in some cases, with turnaround times measured in days from the day of device infection to data publication – or use it to launch further attacks, such as:
- Breaking into the compromised systems and accounts to commit theft or fraud.
- Impersonating their victim to carry out social engineering attacks.
- Installing other malicious software, such as ransomware, targeting more sensitive areas of the victim’s systems.
How to protect yourself and your organization
Keeping your organization safe from infostealers requires awareness, best practices, and technology.
Educate your employees
Educate and train your employees about security risks. Ensure they are always suspicious of unexpected emails and can recognize potential phishing or spear phishing attacks.
Strive to create an environment where everyone sees information security as their responsibility.
Keep your IT systems updated and secure
Check your technology infrastructure regularly for vulnerabilities. If necessary, engage a third-party provider to perform penetration testing.
Keep your anti-virus and anti-malware software updated, and always use the most recent versions of all your software and apps. Install updates and patches as soon as they are available.
Manage your passwords
Use a unique, strong password for each of your accounts and update each password regularly to a new one you haven’t used before. Wherever possible, enable two-factor authentication.
Proactive threat monitoring
Working quickly and silently, infostealers can do serious harm before they’re detected. Your PII can be sold on the dark web before you notice it’s been stolen.
This is where Cybercheck can help. We infiltrate cybercriminal networks to help you stay safe by constantly monitoring forums across the open, deep and dark web where cybercriminals buy and sell stolen data.
If cybercriminals are trading malware-based stealer logs about you or your organization, we alert you right away. That means you can block access, change passwords, and stop the cybercriminals before they make you their next victim.
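The alerting step described above can be illustrated with a small matching routine. The following is an added example, not Cybercheck's own code or any real stealer's output format: it assumes a constructed "url|username|password" record format, an assumed list of monitored organization domains (example.com), and produces an alert with recommended response actions for each record that involves an organization-owned service or an organization e-mail address. The stolen secret itself is deliberately not carried into the alert, so the alert can be shared without re-exposing the password.

```python
"""Match constructed stealer-log records against monitored domains (added example)."""
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample records. The "url|username|password" layout is an
# assumption for this example, not the format of any real stealer log.
SAMPLE_STEALER_LOG = """\
https://mail.example.com/login|alice@example.com|hunter2
https://shop.unrelated.test/account|bob@gmail.com|letmein
https://vpn.example.com/|carol@example.com|P@ssw0rd
https://forum.other.test/|alice@example.com|hunter2
"""

# Assumed organization domains to watch for.
MONITORED_DOMAINS = {"example.com"}


@dataclass(frozen=True)
class Alert:
    account: str        # user name or e-mail found in the record
    site: str           # host the credential was captured for
    reason: str         # why this record matters to the organization
    actions: tuple      # recommended response steps


def _belongs_to_org(host: str, domains) -> bool:
    """True if host equals a monitored domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def parse_records(text: str):
    """Parse the constructed record format; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue
        url, user, secret = parts
        records.append({"url": url, "user": user, "secret": secret})
    return records


def find_exposures(text: str, domains=MONITORED_DOMAINS):
    """Return one Alert per record that touches the organization."""
    alerts = []
    for rec in parse_records(text):
        host = urlparse(rec["url"]).hostname or ""
        email_domain = rec["user"].rsplit("@", 1)[-1] if "@" in rec["user"] else ""
        site_match = _belongs_to_org(host, domains)
        user_match = _belongs_to_org(email_domain, domains)
        if not (site_match or user_match):
            continue
        if site_match:
            reason = "credential for an organization-owned service"
            actions = ("force a password reset", "revoke active sessions",
                       "review recent sign-ins for the account")
        else:
            reason = "organization e-mail used on a third-party site (possible password reuse)"
            actions = ("notify the user", "check whether the password is reused internally")
        # The secret is intentionally left out of the alert.
        alerts.append(Alert(rec["user"], host, reason, actions))
    return alerts


def affected_accounts(alerts):
    """Sorted, de-duplicated list of accounts that need attention."""
    return sorted({a.account for a in alerts})


if __name__ == "__main__":
    for alert in find_exposures(SAMPLE_STEALER_LOG):
        print(f"{alert.account} @ {alert.site}: {alert.reason}")
        for step in alert.actions:
            print(f"    - {step}")
```

The two match types are kept separate on purpose: a credential for an organization-owned host calls for a reset and session revocation, while an organization e-mail seen on a third-party site mainly signals that the user may have reused an internal password and should be contacted.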