Data is as precious as gold. While information is invaluable to legitimate companies, it’s also highly sought after by cybercriminals. These malicious actors will do whatever they can to get their hands on your sensitive data, including infecting your device with infostealer malware. But what exactly is an infostealer, and how can it affect you?
What Is an Infostealer?
As the name suggests, infostealer malware is used to steal various kinds of information from one’s device.
Infostealers were first recorded in use in 2006. At this point in time, an infostealer Trojan Horse program named ZeuS (or Zbot) was released. This Trojan had the ability to steal login credentials and banking details on Microsoft Windows devices, which could then be exploited for financial gain. The use of this Trojan led to the theft of billions of dollars through the infection of millions of devices.
It didn’t take long for other malicious actors to use the ZeuS code to develop new kinds of infostealers. And so, the era of infostealers began.
Infostealer code can also be incorporated into other malicious programs, like keyloggers, Trojans, and stalkerware. Trojans are commonly designed to be infostealers, so that they can infect a device behind the scenes and steal data without the victim’s knowledge. These programs disguise themselves as legitimate or harmless apps to trick the victim into keeping them on their device.
Keyloggers are also used as infostealers. This kind of malware records every keystroke made by the user of an infected device in the hopes of stealing sensitive data or even eavesdropping on private conversations. For example, a keylogger could record the credentials you enter to log into an account, or could even your credit card information when you shop online.
Additionally, browser hooking is commonly used in infostealer campaigns. This involves the use of a backdoor to execute unauthorized commands and steal details from the targeted device.
There’s a wide range of data that cybercriminals aim to access through the use of infostealers. Most notably, payment card details and login credentials are highly valuable. A criminal could either directly use this data to their advantage or sell it on a dark web marketplace to other malicious actors. Huge profits can be made through the sale of valuable data on illicit platforms, so it’s no surprise that such sites have become popular among cybercriminals.
How Do Infostealers Infect Devices?
Because infostealers are a form of malware, their infection methods are pretty standard. Infostealer programs could be put in malicious attachments and links and hidden in seemingly harmless software to steal data while remaining under the radar. Even if you use antivirus software, your device may not be totally impervious to infostealer malware, or any kind of malware, for that matter (though you should always have an antivirus program active on all your internet-connected devices).
To avoid the accidental download of infostealer malware onto your computer, you should protect your email account as much as possible and run antivirus scans on a regular basis. It’s also important that you steer clear of random email links, as these are often used to spread malware.
But regardless of whether you use the right security measures to avoid infostealers, there are still thousands of people who get hit by this kind of malware every year. In fact, there are specific kinds of infostealers that have become very popular among malicious actors.
What Are the Most Common Kinds of Infostealers?
Because data is extremely valuable to both legitimate and illegitimate parties, there are numerous notorious strains of infostealer malware circulating right now. Many of these malicious organizations offer infostealer malware to subscribers as a fee. This kind of business model is known as “Malware-as-a-Service” (MaaS).
Take Raccoon V1, for example. This well-known infostealer arose in 2019 and has quickly become a popular choice for cybercriminals. This program uses C and C++ programming language, and can be leased to users for a fee of $75 per week or $200 per month. This strain of malware can be used to steal login credentials, browser cookies, and sensitive cryptocurrency wallet data. On top of this, Raccoon V1 can track a victim’s geographical location and access their IP address.
Raccoon’s developers have also released a second version of the infostealer, which was first discovered in mid-2022, just four months after the operation shut down due to an alleged operator’s death. This version of Raccoon is a little pricier ($275), but is nonetheless prevalent.
Alongside the Raccoon infostealer family are other well-known strains of similar malware, including Mars Stealer, BlackGuard, and RedLine Stealer.
Mars Stealer is the 2021 successor of Oski Stealer, and often infects devices via file-hosting sites, two-factor authentication extensions, and cryptocurrency extensions. Though this malware program is pretty small, it is powerful, and can steal large amounts of data. BlackGuard and RedLine Stealer are just as dangerous. BlackGuard is known to target Windows devices, and originated among Russian threat actors. This kind of malware is often distributed via phishing emails and drive-by downloads, so watch out for these kinds of attacks when you’re online.
RedLine Stealer, on the other hand, was first noticed in 2020 and continues to target well-known browsers like Chrome and Opera. This strain of malware is capable of stealing login credentials and highly sensitive crypto wallet data. Like Raccoon and Mars Stealer, RedLine Stealer and BlackGuard are malware-as-a-service providers, charging users for access to the programs. Such malicious software can often be purchased or subscribed to using cryptocurrencies, as this allows users to stay anonymous.
As data continues to be maliciously leveraged in the cyberspace, more strains of sneaky and sophisticated will be developed to bypass security measures and stay hidden from users. This is undoubtedly a massive concern for individuals and organizations alike.
Infostealers Pose a Huge Risk to Us All
There’s no denying that infostealer malware is incredibly dangerous. This kind of malicious program can steal huge amounts of sensitive data from unsuspecting victims, which can lead to severe privacy invasions and financial losses. Regardless of what you’re doing online, it’s important that you’re equipping your devices with adequate levels of security to lower the chance of being successfully targeted by infostealer malware.
Read the full article here