The flow of information is crucial in today’s world, but it’s also precious to cybercriminals. They target personal data stored on your device through infostealer malware, putting your information at risk. Experts have marked a significant rise in the spread of information-stealing malware, also known as infostealers or stealers. In Q1 2023, the number of incidents has more than doubled, indicating a concerning trend that threatens global organizations.
What is an Infostealer?
Infostealer is malicious software that collects information on a device it has infected and sends it to a threat actor. It explicitly targets login credentials saved in web browsers, browsing history, credit card and cryptocurrency wallet information, location data, device information, emails, social media platforms, and instant messaging clients – anything valuable.
When malware finds a valuable information, it saves the thing into a specifid directory on a disk. Then, at the end of the entire procedure, malware packs this directory and sends to the command server. The most valuable information threat actors seek is account details and banking card information. Also they can use this data or sell it on dark web markets. Infostealer logs are highly profitable on underground marketplaces, indeed it making them a prevalent form of malware.
| Stealer | Number of available logs |
|---|---|
| Raccoon | 2,114,549 |
| Vidar | 1,816,800 |
| RedLine | 1,415,458 |
| Total | 5,350,640 |
Around 2020, infostealers got their minute of fame, which keeps going even today, in 2023. Such a surge defined 3 leaders of the “industry” – Racoon, Vidar, and RedLine Stealer. Also security experts have noticed that these types of malware have been utilized to steal ChatGPT accounts. This highlights how cybercriminals use stealers to gain access to individuals’ private information.
RedLine
In March 2020, RedLine appeared on the Russian market and quickly became a top seller in the logs category. This malicious software is designed to steal sensitive information from web browsers, including saved login credentials, autocomplete data, credit card information, and cryptocurrency wallets. Once it infects a system, RedLine thoroughly inventory the username, location data, hardware configuration, and installed security software. It is distributed through various means, including cracked games, applications, services, phishing campaigns, and malicious ads.
Raccoon
In 2019, the Raccoon Stealer was first introduced as a malware-as-a-service (MaaS) model and was promoted on underground forums. Later, scoundrels switched to selling their “product” in Telegram groups. In 2022, Raccoon received a new update whicwhich spruced up the detection evasion mechanismh and added new functionality. Interestingly enough that hackers community tend to dislike this infostealer and sprinkle it with dirt on forums. According to a belief, its admins steal the most “juicy” logs.
Vidar
Vidar is a classic example of a hit-and-run infostealer malware. In 2019, Vidar was first noticed during a malvertising campaign where the Fallout exploit kit was employed to disseminate Vidar and GandCrab as secondary payloads. This malicious software is sold as a standalone product on underground forums, and Telegram channels, and it includes an admin panel that allows customers to configure the malware and then keep track of the botnet.
Also this program is created using C++ and is based on the Arkei stealer. Vidar can extract browser artifacts, contents of specific cryptocurrency wallets, PayPal data, session data, and screenshots. Once done, it performs a so-called meltdown – in other words, simply removes itself from the machine.
Where can I get the infostealer?
Hackers may employ various methods to spread infostealers. Among the most prevalent techniques are different attack vectors, such as:
-
Pirated software
It is common for hacking groups to include malware with pirated software downloads. Infostealers and other types of malware have been distributed through pirated software before. -
Malvertising
It’s common for exploit kits to target websites with malicious advertisements. If you click on one of these ads, you might unknowingly install an infostealer or be redirected to a website with malware available for download. Sometimes just viewing the malicious advertisement is enough to trigger the infostealer download. -
Compromised system
As previously mentioned, infostealers are typically installed from a remote location once the attackers successfully access the target system. As a result a compromised system becomes an open book for hackers. -
Spam
It is common for malicious individuals to send infostealers through email, often pretending to be a legitimate organization. The infostealer can either be attached directly to the email, or the recipient may be tricked into clicking on a harmful link, leading to the malware download. These spam emails are usually sent to large groups, but sometimes they can be customized for a specific individual or group.
How to Prevent your system from infostealers?
Here are some practices that can help lower the risk of getting infected with an infostealer:
- Install updates
One way infostealers can be distributed is by using known browser vulnerabilities. To reduce the risk of this happening, it is vital to install updates for your operating system, browser, and other applications as soon as they become available. - Think twice before clicking
Be careful with opening files and clicking links to avoid infostealers. Because, they often spread through malicious email attachments and harmful websites. Don’t open unsolicited email attachments. Be cautious of emails that don’t address you by name. Check URLs before clicking them. - Use multi-factor authentication
Multi-factor authentication (MFA) is a valuable security feature that protects against unauthorized access to accounts, tools, systems, and data repositories. So, if someone steals your login credentials, MFA requires a secondary form of authentication, making it more difficult for a threat actor to access the compromised account. Secure password storage may be a useful add-on option as well. - Avoid pirated software
It is common for pirated software to contain malware, as it is a way for pirates to earn money. Therefore, it is best to use legitimate applications. Nowadays, there are numerous free, freemium, and open-source alternatives available that eliminate the need to take the risk of using pirated software. - Have anti-malware software as a back-up. You never know what trick will hackers do next, and playing what-ifs is a bad idea. For that case, it is better to have a versatile tool on hand, which will help you with detecting and removing malicious programs. GridinSoft Anti-Malware is one you can rely on – give it a try.
