
    Infostealers drove cyberattacks and captured 2.1 billion credentials last year.

    The Rising Threat of Infostealers: A Deep Dive into Cybercrime Tactics

    Cybercrime is evolving at an alarming rate, and one of the most prominent methods fueling this growth is the use of information-stealing malware, commonly known as infostealers. A recent report from Flashpoint reveals that last year, infostealers captured a staggering 2.1 billion credentials, highlighting a significant increase in cybercriminal activities. This article breaks down the various facets of infostealers, their impact, and how they operate.

    The Scope of Credential Theft

    In 2024, infostealers accounted for nearly two-thirds of the total 3.2 billion credentials stolen from organizations worldwide. This marked an increase of 33% compared to the previous year, demonstrating the effectiveness of these malware strains in compromising sensitive data. Notably, over 200 million credentials were stolen within just the first two months of this year, underscoring the escalating urgency for cybersecurity measures.

    The Versatility of Infostealers

    According to Ian Gray, Vice President of Intelligence at Flashpoint, infostealers are versatile tools that contribute to various malicious activities. They serve as initial access vectors for ransomware attacks, allow for account takeovers, and increase data breach totals. These malware strains do not just steal basic credentials; they capture a wide range of sensitive information, from system data to browser data, making them integral to the success of modern cyberattacks.

    The Technical Landscape

    Flashpoint researchers tracked infostealer infections across 23 million hosts and devices over the past year. A significant percentage of these infections occurred on Microsoft Windows operating systems, demonstrating the platform’s attractiveness to cybercriminals due to its large user base and extensive legacy components. Although some strains attack macOS devices, the relative ease of targeting Windows makes it the primary focus for these criminals.

    The Most Prolific Infostealers

    Among the infostealer strains tracked, Redline stood out, infecting 9.9 million hosts, or 43% of all recorded infections. The next four strains (RisePro, StealC, Lumma Stealer, and Meta Stealer) collectively infected around 7 million hosts. Many of these strains are uniquely engineered to bypass specific security measures, making them difficult to detect and counteract.

    High-Profile Attacks and Data Breaches

    Infostealers have been instrumental in major cyber incidents. For example, in April 2024, credentials stolen by six different infostealer strains led to breaches that affected up to 165 Snowflake customer environments. This attack compromised hundreds of millions of sensitive records and impacted several high-profile enterprises, including AT&T and Ticketmaster. These incidents serve as a stark reminder of how infostealers can catalyze widespread data breaches and operational disruptions.

    The Economics of Infostealing

    The affordability and accessibility of infostealers contribute to their widespread use. On average, these tools cost around $200 per month, making them accessible to a wider range of cybercriminals. They are often readily available on underground forums and dark web marketplaces, allowing even those with limited technical knowledge to launch sophisticated attacks.

    Infection Methods and Data Harvesting

    Infostealers deploy various strategies to infect devices, including phishing attacks, illegitimate software downloads, and secondary malware payloads. Once inside a target system, they gather an extensive array of information, including saved credit cards, cryptocurrency wallets, and cookies from active sessions. The stolen data is typically compressed and sent to a remote server for further exploitation.

    The Future of Infostealers in Cybercrime

    Looking ahead to 2025, it is clear that infostealers will remain central to the landscape of cybercrime. Their ability to facilitate breaches and ransomware attacks could continue to grow, posing significant challenges for organizations aiming to shore up their defenses. As cybersecurity professionals work tirelessly to combat these threats, understanding the mechanics and implications of infostealers is crucial for developing effective countermeasures.

    In a world where data is invaluable, the persistence and evolution of infostealing malware present profound challenges and underscore the need for heightened awareness and robust cybersecurity practices.
