Infostealers are a rising threat to individuals and organizations alike. These malware families are designed to steal sensitive data, including passwords, credit card details, and cryptocurrency wallets. The operators behind them then use the stolen data to take over your online identity and break into the web platforms you use.
Recent research by Netskope Threat Labs has shed light on a concerning trend: infostealers have emerged as the leading malware threat targeting the healthcare sector.
An infostealer, also known as a "stealer," is a type of malware, usually delivered as a trojan (a program that disguises itself as something legitimate), that gathers sensitive information. Its primary purpose is to collect data from the computers it infects.
The types of sensitive information that infostealers target include passwords saved in every installed browser, session cookies, browsing history, credit card details, cryptocurrency wallets, basic information about the machine (such as the operating system, hardware, and installed software), and login credentials for various platforms and accounts. Once the infostealer has collected this information, it packages it into an archive known as a log.
The log contains enough highly sensitive information to enable full account takeover. It lets malicious actors assume your online identity, gaining access to your credit cards, cryptocurrency wallets, and other accounts. With it, infostealer operators can break into various web platforms, including email, banking, gaming, social media, crypto trading, and online shopping and marketplaces.
Operators can access your accounts by importing your stolen session cookies into their own browser. This replays your already-authenticated session and grants access without a password, and usually without triggering a second factor, because the login step that would have prompted for it has already happened on your machine. Additionally, infostealer malware has become a popular basis for cybercriminal collaboration, with stolen data shared via dark web forums or private communities.
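The cookie replay described above leaves a trace on the server side: one session identifier is suddenly presented by a client other than the one that established it. The following script is an added example, not code from the original article, that scans access-log lines for that pattern. The log format (timestamp, session id, client IP, user agent), the field names, and every sample line are constructed for the example; a real deployment would read the same fields from the web server or WAF logs.

```python
"""
Added example (not from the original article): flag web sessions that are
presented from a second client, the signature of stolen cookies being
imported into an attacker's browser. The log layout and all sample lines
below are constructed for this example.
"""
import re
from datetime import datetime

# Constructed access-log lines. Session "ab12" is later replayed from a
# different IP and a different browser; "cd34" only changes IP.
SAMPLE_LOG = """\
2024-03-04T09:00:00Z sess=ab12 ip=203.0.113.10 ua="Mozilla/5.0 (Windows NT 10.0) Chrome/122"
2024-03-04T09:05:00Z sess=ab12 ip=203.0.113.10 ua="Mozilla/5.0 (Windows NT 10.0) Chrome/122"
2024-03-04T09:07:00Z sess=cd34 ip=198.51.100.7 ua="Mozilla/5.0 (Macintosh) Safari/17"
2024-03-04T09:40:00Z sess=ab12 ip=192.0.2.55 ua="Mozilla/5.0 (X11; Linux x86_64) Firefox/123"
2024-03-04T10:00:00Z sess=cd34 ip=198.51.100.9 ua="Mozilla/5.0 (Macintosh) Safari/17"
2024-03-04T11:00:00Z sess=cd34 ip=198.51.100.7 ua="Mozilla/5.0 (Macintosh) Safari/17"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) sess=(?P<sess>\S+) ip=(?P<ip>\S+) ua="(?P<ua>[^"]*)"$'
)


def parse_log(text):
    """Parse the constructed log format into (timestamp, session, ip, ua) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting on a real log
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["sess"], m["ip"], m["ua"]))
    events.sort(key=lambda e: e[0])
    return events


def find_replayed_sessions(text):
    """Return one alert per (session, client) pair that differs from the client
    that first established the session.

    A changed user agent on the same cookie is the classic replay signature and
    is rated high; an IP change alone is rated low, since roaming and VPNs
    produce it legitimately.
    """
    origin = {}          # session id -> (ip, ua) of first sighting
    seen = set()         # (session, ip, ua) already reported
    alerts = []
    for ts, sess, ip, ua in parse_log(text):
        if sess not in origin:
            origin[sess] = (ip, ua)
            continue
        first_ip, first_ua = origin[sess]
        if (ip, ua) == (first_ip, first_ua) or (sess, ip, ua) in seen:
            continue
        seen.add((sess, ip, ua))
        severity = "high" if ua != first_ua else "low"
        alerts.append({
            "session": sess,
            "severity": severity,
            "at": ts.isoformat(),
            "original_client": f"{first_ip} {first_ua}",
            "new_client": f"{ip} {ua}",
        })
    return alerts


if __name__ == "__main__":
    for a in find_replayed_sessions(SAMPLE_LOG):
        print(f"[{a['severity']}] session {a['session']} at {a['at']}: "
              f"{a['original_client']} -> {a['new_client']}")
```

On the sample data the script reports session ab12 as high severity (new IP and new browser at 09:40) and cd34 as low severity (IP change only). The practical response to a high-severity hit is to revoke that session server-side and force a fresh login, since the cookie itself is now in someone else's hands.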
To get onto your machine in the first place, infostealers are pushed through channels that trick you into running them yourself. These include cracked software and games, fake password crackers, fake account recovery tools, ads for system "cleaner" software, and phishing emails. These are just a few examples, and the list is by no means exhaustive.
Read more: What is a phishing attack?
Creating infostealer malware requires knowledge and skill, but obtaining and using it does not. The malware ecosystem is moving towards Malware as a Service (MaaS), and infostealers are cashing in on this trend.
Prices for infostealers vary, but they typically range from $100-200 per month or around $1,000 for a lifetime subscription. For example, earlier this year TechRadar reported that a new macOS stealer known as 'Atomic' was being sold for $1,000 per month. Infostealers are primarily sold on dark web forums and through encrypted messaging apps such as Telegram.
Many of the cybercriminals who infect computers with infostealer malware never use the stolen logs themselves. Instead, they sell them on dark web forums or specialized log marketplaces. Individual logs can sell for as little as $1, putting them within reach of anyone with malicious intent.
Infostealers pose a threat to individuals and organizations alike. While personal computers are the most common targets, corporate devices are also at risk, especially through phishing campaigns.
The "bring your own device" trend in corporate environments, and the blurring of lines between personal and professional device use, further increase the risk. If you or your team reuse the same passwords across personal and work accounts, a stealer log harvested from a home computer can quickly compromise corporate accounts and sensitive information.
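The two points above, that a stealer log bundles credentials for every site the victim used and that password reuse turns a personal infection into a corporate one, are what defenders check for when a log naming their domain turns up for sale. The script below is an added example, not code from the original article or from any named vendor, that triages a log's credentials file for exposure of a corporate domain and for passwords shared with non-corporate sites. The "URL / USER / PASS" block layout, the corporate domain `example.com`, and every credential in the sample are constructed for the example; real logs vary by stealer family, so the parser deliberately ignores anything it does not recognise.

```python
"""
Added example (not from the original article): triage the credentials file
from an infostealer log for corporate exposure and password reuse.
The block layout and all credentials below are constructed for this example;
'example.com' stands in for the organisation's own domain.
"""
from collections import defaultdict
from urllib.parse import urlparse

# Constructed credentials file: blank-line-separated URL/USER/PASS blocks.
SAMPLE_PASSWORDS_TXT = """\
URL: https://mail.google.com/
USER: jdoe88@gmail.com
PASS: Summer2024!

URL: https://vpn.example.com/login
USER: jane.doe@example.com
PASS: Summer2024!

URL: https://www.steampowered.com/login
USER: jdoe_gamer
PASS: hunter2

URL: https://sso.example.com/
USER: jane.doe@example.com
PASS: Corp-Only-Passphrase-9
"""

FIELDS = ("URL", "USER", "PASS")


def parse_credentials(text):
    """Parse blank-line-separated URL/USER/PASS blocks; drop incomplete blocks."""
    creds, block = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                       # blank line closes a block
            if block:
                creds.append(block)
                block = {}
            continue
        key, sep, value = line.partition(": ")
        if sep and key in FIELDS:
            block[key.lower()] = value     # partition keeps ':' inside the value
    if block:
        creds.append(block)
    return [c for c in creds if all(f.lower() in c for f in FIELDS)]


def triage(text, corp_domain):
    """Return one finding per credential that touches the corporate domain,
    listing every other host in the log that shares the same password."""
    creds = parse_credentials(text)
    by_password = defaultdict(list)
    for c in creds:
        by_password[c["pass"]].append(c)

    findings = []
    for c in creds:
        host = (urlparse(c["url"]).hostname or "").lower()
        corp_site = host == corp_domain or host.endswith("." + corp_domain)
        corp_user = c["user"].lower().endswith("@" + corp_domain)
        if not (corp_site or corp_user):
            continue
        # Any other site sharing this password is a reuse path into the company.
        reused_on = sorted(
            {(urlparse(o["url"]).hostname or "").lower()
             for o in by_password[c["pass"]] if o is not c}
        )
        findings.append({
            "user": c["user"],
            "host": host,
            "password_reused_on": reused_on,
            # Resetting alone leaves stolen session cookies valid, so revoke sessions too.
            "action": "reset password, revoke sessions, review sign-ins",
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_PASSWORDS_TXT, "example.com"):
        reuse = ", ".join(f["password_reused_on"]) or "none"
        print(f"{f['user']} @ {f['host']}: password reused on {reuse} -> {f['action']}")
```

On the sample, the VPN credential is flagged with its password also seen on `mail.google.com`, which is exactly the reuse path the paragraph warns about, while the SSO credential is flagged for exposure alone. Note that the parser never prints or stores passwords beyond what the triage needs; in a real workflow the log itself should be handled as sensitive evidence.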
Infostealers are particularly dangerous because they are widely available, cheap, and do not require a high level of technical skill to deploy. According to the Verizon Data Breach Investigations Report, 74% of all breaches involve the human element, which underscores the need to defend against malware that gets in by tricking the user.
Infostealer malware targeting Apple's macOS devices, notably those used in the cryptocurrency sector, is on the rise and is spread through deceptive ads and websites. Security researchers from Jamf Threat Labs and Moonlock have identified strains such as Atomic Stealer and Meethub, which are distributed via sponsored ads and fake download sites.
These attacks, camouflaged as legitimate software or as offers such as the unreleased GTA 6 game, exploit users' trust to reach sensitive information such as crypto wallet credentials. Other lures take the form of podcast invitations or job interviews, persuading users to install the malware and unwittingly hand over personal data. The prevalence of these attacks emphasizes the risk of clicking on seemingly harmless links and the need for cybersecurity measures.
To protect against infostealers, measures such as using antivirus and anti-malware software, keeping systems and software updated, implementing strong email security practices, and educating users about phishing and social engineering tactics are necessary. Additionally, employing network firewalls and access controls, encrypting sensitive data, and regularly conducting security audits can help safeguard against infostealer attacks.
Infostealers can be detected using antivirus and anti-malware software, intrusion detection systems, and regular security audits that look for unauthorized access or data exfiltration.
See also: HIPAA Compliant Email: The Definitive Guide