Infostealers: A Growing Threat

Infostealers and data theft

Today, infostealers are responsible for the theft of billions of passwords and session tokens from unsuspecting users.

What is an infostealer?

An infostealer is malicious software (malware) built to infiltrate a computer and exfiltrate sensitive data. The current generation targets browsers in particular: saved passwords, autofill data, credit card and banking details, crypto-wallet extensions and, increasingly, session cookies and tokens. A stolen session cookie lets an attacker replay an already authenticated login to the organization's applications, which makes it worth more than the password itself, since the MFA step has already been completed. The stealer also serves as a foothold: operators use it to deactivate the victim's antivirus and other protections so that additional malware can be launched. The credentials and sessions it harvests are what later enable lateral movement within the organization's network, privilege escalation and access to resources that a single compromised account should never have reached. The risk is highest when a corporate device is used for personal browsing, or a personal device for corporate access, because one infection then exposes both.

How does the infostealer criminal industry operate?

The criminal industry works in two ways: selling the infostealer building tools, or selling the stolen "logs", the bundles of credentials, cookies and system details harvested from each infected machine. Developers rent the malware as a service (builder, control panel and exfiltration infrastructure), affiliates spread it and collect the logs, and the logs are then sold on cybercrime forums and marketplaces. Initial Access Brokers sift these logs for valid corporate credentials and resell that access to groups who exfiltrate corporate data, compromise backups and launch ransomware attacks. Some of the most active infostealer-as-a-service toolkits are RedLine, Raccoon and Vidar. There are many other providers, such as RecordBreaker, Meta and CryptBot, to name a few, and they continue to evolve their evasion techniques.

Infostealers: hiding in plain sight?

Infostealers are distributed through malvertising: ads placed through legitimate networks such as Google Ads and shown on reputable sites, including sponsored search results for popular software. They also hide behind links posted on YouTube, Facebook, TikTok, Instagram and other social media platforms. The risk of infection rises sharply when any of the following are downloaded:

  • An illegal or “cracked” copy of popular, expensive software;
  • Free media from a streaming site;
  • Free applications, even from the App Store or Google Play;
  • Cheats or “mods” for online and offline games.

When a victim follows one of these links, the download is an installer or archive that drops the stealer. It runs as the logged-in user, with no further warning or indication, and reads the browser's profile files (saved logins, cookies, autofill data) directly from disk, the same way the browser itself does. Because the sample is typically repacked for each campaign and often exfiltrates its haul and exits within seconds, traditional antivirus and even endpoint protection (EDR/MDR) frequently fail to recognize it, or are not configured to alert on a process other than the browser reading the browser's credential stores.

Safeguard your browser against infostealers

The most effective way to stop an infostealer before it takes hold is full visibility into browsing and download events, combined with Advanced Browser Security that detects and mitigates these attacks at the point of download or first execution, rather than relying on the antivirus to recognize a freshly repacked sample.

Starting today, here are the dos and don’ts to reduce the infection risk:

  • Never store passwords, credit card and banking details, or crypto wallet keys in your browser; use a dedicated password manager that locks independently of the browser session.
  • Use a browser that has all privacy protections turned on by default, and have your organization enforce them by policy rather than leaving them to each user.
  • Use antimalware software that includes Advanced Browser Security.
  • Keep your antivirus updated, enable Safe Browsing (at its enhanced level where available) and run regular scans.
  • Never click on warning pop-ups in your browser, especially those urging you to update or install something immediately; genuine browser updates arrive through the browser's own update mechanism, not through a web page.
  • Do not download free, illegal or “cracked” copies of software.
  • Do not download media from free or pirate streaming sites.
  • Do not download gaming cheats or mods.
  • Be wary of any free application, including those on official app stores.
  • Do not open unexpected emails without validating with the sender first by phone or text.
      • Never click on unsolicited links or documents in any email you receive.
      • Even if it comes from someone you know, their account might be compromised and used to send phishing attacks.
      • Never install programs from suspicious emails.
      • Never send confidential information via email.
  • Do not use the device you connect to your organization's systems and applications with for personal Internet use, and do not use a personal device for corporate access.
  • Always access corporate applications through your organization's Zero Trust access broker or VPN. Neither protects a device that is already infected, since the stealer runs inside the trusted session; they limit exposure rather than replace the measures above.
  • Use MFA for accessing all your applications and sites, preferring phishing-resistant methods such as FIDO2 security keys or passkeys. Remember that a stolen session cookie replays an authenticated session without any MFA prompt, so short session lifetimes and re-authentication for sensitive actions matter as well.
  • Do not sync your phone's browser with your computer's browser; synced passwords and sessions mean that one infected device exposes both.
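The browser-side items in this list (no stored passwords or card details, Safe Browsing on, dangerous downloads blocked, no sync) can be enforced for every user of a managed Chrome or Chromium installation instead of being left to individual habit. The script below is an added example, not code from the original article or from any vendor; it writes a Chrome enterprise policy file and checks that the settings landed. The policy names and values are Google's documented Chrome enterprise policies; the file name, the helper function names and the target directory are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original article): enforce browser hardening
# against infostealers through a Chrome managed-policy file.
#
# Policy meanings (Google Chrome enterprise policies):
#   PasswordManagerEnabled=false     browser will not offer to save passwords
#   AutofillCreditCardEnabled=false  no stored card numbers for a stealer to read
#   AutofillAddressEnabled=false     no stored address/identity autofill data
#   SyncDisabled=true                passwords and sessions are not replicated
#                                    to other devices (phone <-> laptop)
#   SafeBrowsingProtectionLevel=2    Enhanced Safe Browsing
#   DownloadRestrictions=2           block dangerous and potentially dangerous
#                                    downloads (cracked installers, cheat packs)
#
# Default target is Chrome's managed-policy directory on Linux (assumption:
# Chromium uses /etc/chromium/policies/managed instead). The file name
# "infostealer-hardening.json" is this example's own.

write_chrome_policy() {
    dir="${1:-/etc/opt/chrome/policies/managed}"
    mkdir -p "$dir" || return 1
    cat > "$dir/infostealer-hardening.json" <<'EOF'
{
  "PasswordManagerEnabled": false,
  "AutofillCreditCardEnabled": false,
  "AutofillAddressEnabled": false,
  "SyncDisabled": true,
  "SafeBrowsingProtectionLevel": 2,
  "DownloadRestrictions": 2
}
EOF
}

# Verify that every required setting is present in a policy file with the
# expected value; returns 1 and names the first missing setting otherwise.
check_chrome_policy() {
    file="$1"
    for setting in '"PasswordManagerEnabled": false' \
                   '"AutofillCreditCardEnabled": false' \
                   '"AutofillAddressEnabled": false' \
                   '"SyncDisabled": true' \
                   '"SafeBrowsingProtectionLevel": 2' \
                   '"DownloadRestrictions": 2'; do
        if ! grep -qF "$setting" "$file"; then
            echo "policy check failed: missing $setting in $file" >&2
            return 1
        fi
    done
    return 0
}

# Usage: sudo sh harden-chrome.sh [policy-dir]
# Pass a scratch directory to preview the file without touching the system.
if [ $# -gt 0 ]; then
    write_chrome_policy "$1" \
        && check_chrome_policy "$1/infostealer-hardening.json" \
        && echo "policy written to $1; confirm it in chrome://policy after restarting the browser"
fi
```

The policy takes effect the next time Chrome starts and is visible under chrome://policy. On Windows the same policy names are set as values under HKLM\Software\Policies\Google\Chrome, on macOS in the com.google.Chrome managed preferences. One caveat: disabling the password manager stops new passwords from being saved but does not delete the profile's existing Login Data database, so users (or a deployment script) still have to clear the passwords already stored, otherwise a stealer will find them exactly as before.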

    Not sure where to start? Contact one of our IT security experts to discuss the best solution for your business.
