
Infostealer malware poses potent threat despite recent takedowns – Source: www.csoonline.com


Source: www.csoonline.com – Author: John Leyden

News Analysis

01 Apr 2025, 5 mins

Data and Information Security, Malware, Ransomware

Law enforcement action has failed to dent the impact of infostealer malware, a potent and growing threat to enterprise security.

Despite the takedown of Redline — the most prolific stealer of 2024 — and Meta Stealer in October 2024, the overall market and use of infostealers continue to rise, according to threat intel firm Flashpoint.

Information-stealing malware was responsible for stealing 2.1 billion, or 75%, of 2024’s 3.2 billion stolen credentials, Flashpoint reports. Prolific infostealer strains such as RisePro, StealC, and Lumma compromised 23 million hosts and devices last year.

Flashpoint spotlights Lumma Stealer as the top contender to replace Redline and Meta Stealer, with the StealC and Vidar strains also becoming increasingly prominent.

Popular stealers, including Vidar, Lumma, and Meduza, push regular releases and updates addressing performance, operating much like legitimate software and app development teams. Successful teams also adapt quickly to changes in the browser security landscape.

“When Google Chrome pushed cookie-securing updates (app-bound encryption) last September, it rendered all stealers’ Chrome cookie collection obsolete,” Marisa Atkinson, senior analyst at Flashpoint, told CSO. “The stealer families Lumma, Vidar, and Meduza pushed updates and work-arounds to their stealer code within 24 hours.”

Availability, simplicity, and low costs — $200 per month on average — have made infostealers a go-to tool for cybercriminals, spawning a highly adaptable and resilient black market in the process.

Flashpoint’s data is derived from extensive monitoring of illicit online marketplaces, dedicated Telegram channels, and specialized bot shops where stealer logs and related services are traded. Researchers identified a total of 24 unique stealer strains listed for sale on illicit marketplaces.

Statistics from threat intel firm ReliaQuest — which reports a greater than 50% year-on-year increase in infostealer logs posted on the dark web — back up Flashpoint’s findings.

Infostealers enabling ransomware attacks

Infostealers continue to dominate the threat landscape as one of the most widespread and impactful malware categories, impacting both individuals and enterprises. The malware can be programmed to steal login credentials, credit card numbers, browsing history, and other valuable information.

Infostealers typically infiltrate systems through phishing emails, malicious attachments, or compromised websites before using various techniques to skirt detection and retain persistence. Compromised systems are scoured for sensitive data, which is siphoned up and exfiltrated to command-and-control servers.

Independent experts quizzed by CSO warned that the surge in infostealer activity is fueling ransomware and supply chain attacks against businesses.

For example, in January the Hellcat ransomware group used an infostealer to target Telefonica, enabling it to steal a list of 24,000 Telefonica employee emails and names, and 5,000 internal documents.

Danielle Kinsella, network cybersecurity vendor Gigamon’s technical advisor for EMEA, said that infostealer attacks are evolving rapidly, becoming more sophisticated in both their malware capabilities and distribution methods.

“Attackers now leverage SEO [search engine optimization] poisoning, malvertising, and legitimate platforms to infect organizations at scale,” Kinsella told CSO. “Once inside, these threats don’t just exfiltrate data, they deploy additional payloads, move laterally across networks, and systemically extract sensitive data.”

The Huntress 2025 Cyber Threat Report found infostealers in 24% of incidents, particularly those targeting enterprises.

“Typically, attackers trick users with phishing emails and malicious downloads, executing infostealer malware that silently steals credentials,” said Dray Agha, senior manager of security operations at managed security services firm Huntress. “Attackers now pair them with remote access trojans [RATs], meaning threat actors gain both legitimate user credentials and persistent remote access to compromised networks.”

The majority of infostealers operate under a malware-as-a-service (MaaS) model, making them widely accessible to cybercriminals with varying skill levels.

“Traditionally, delivery methods have relied on two primary attack vectors — phishing emails and malvertising, where malicious links or files are disguised within seemingly legitimate ads, websites, or poisoned search engine results,” said Matt Ellison, technical director of EMEA at network detection and response firm Corelight.

Attackers are increasingly exploiting a combination of new platforms and human psychology to improve success rates. “One of the more recent trends is phishing through social media messages and posts, particularly on open platforms like Telegram,” Ellison added.

Philippe Baumgart, a senior managing director in the cybersecurity practice at FTI Consulting, told CSO that cybercriminals are developing more sophisticated strains of infostealers.

“New infostealers are emerging with advanced capabilities, such as keylogging, document exfiltration, and cookie theft, gaining the interest of threat actors because they enable an easier account-takeover process, and stealer data can be obtained for free or at a low cost,” Baumgart said.

Richard Werner, cybersecurity platform lead in Europe at cybersecurity vendor Trend Micro, said that the infostealer marketplace is becoming more fractured, with smaller players stepping into the gap created by the Redline takedown.

“Since the reorganization of criminals takes some time, we do expect a dent in the number of infostealer attacks followed by an uptick in the near future,” Werner said.

How CISOs can defend against infostealers

To defend against these threats, CISOs should rely on multi-factor authentication (MFA) and least-privilege access to prevent these threats from gaining a foothold in the corporate network, as well as endpoint detection and response (EDR) and anti-malware to detect and quarantine infostealers that manage to trick users into running the malware. Regular patching and software updates make it easier to block routes toward possible infection.
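As an added example (not code from the article or from any vendor quoted in it), the collect-then-exfiltrate pattern described above can be surfaced from endpoint telemetry by correlating a non-browser process reading a browser's cookie or saved-login store with an outbound connection shortly afterwards. The event format, process names, window and sample events are constructed assumptions; a real EDR pipeline would feed its own process, file and network telemetry into the same logic.

```python
"""Toy EDR-style correlation: flag a non-browser process that reads a browser
credential/cookie store and then opens an outbound connection.
Added example; event schema and sample data are constructed, not vendor code."""
from collections import defaultdict

# Filenames where Chromium-based browsers keep saved logins, cookies, autofill data.
CREDENTIAL_STORES = ("\\Login Data", "\\Cookies", "\\Web Data")
# Processes expected to touch those files (assumption: tune to your own fleet).
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe"}


def is_credential_store(path: str) -> bool:
    """True when the path ends in one of the known browser store filenames."""
    return any(path.endswith(marker) for marker in CREDENTIAL_STORES)


def detect_stealer_behaviour(events, window_seconds=300):
    """Return (pid, process, (store paths...), destination) for each suspicious chain.

    events: dicts with ts (int seconds), pid, process, kind ('file_read' or
    'net_connect'), and either path (file_read) or dest (net_connect)."""
    reads = defaultdict(list)  # pid -> [(ts, path)] of credential-store reads
    hits = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["process"].lower() in BROWSER_PROCESSES:
            continue  # a browser reading its own stores is normal activity
        if e["kind"] == "file_read" and is_credential_store(e["path"]):
            reads[e["pid"]].append((e["ts"], e["path"]))
        elif e["kind"] == "net_connect":
            # Store reads followed by an outbound connection inside the window
            # look like collection followed by exfiltration to a C2 server.
            recent = tuple(p for ts, p in reads[e["pid"]] if e["ts"] - ts <= window_seconds)
            if recent:
                hits.append((e["pid"], e["process"], recent, e["dest"]))
                reads.pop(e["pid"])  # alert once per collection burst
    return hits


# Constructed sample telemetry: the browser touching its own store (benign) and
# an unknown binary reading Login Data and Cookies, then calling out.
_PROFILE = "C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default"
SAMPLE_EVENTS = [
    {"ts": 100, "pid": 41, "process": "chrome.exe", "kind": "file_read", "path": _PROFILE + "\\Cookies"},
    {"ts": 101, "pid": 41, "process": "chrome.exe", "kind": "net_connect", "dest": "203.0.113.9:443"},
    {"ts": 200, "pid": 77, "process": "update_helper.exe", "kind": "file_read", "path": _PROFILE + "\\Login Data"},
    {"ts": 202, "pid": 77, "process": "update_helper.exe", "kind": "file_read", "path": _PROFILE + "\\Network\\Cookies"},
    {"ts": 230, "pid": 77, "process": "update_helper.exe", "kind": "net_connect", "dest": "198.51.100.7:443"},
]

if __name__ == "__main__":
    for hit in detect_stealer_behaviour(SAMPLE_EVENTS):
        print("ALERT collection-then-exfiltration:", hit)
```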

Security awareness training can help your workforce spot phishing by teaching them how to identify and report credential-theft attempts. This neutralizes the main infection vector that information stealers use.


Original Post url: https://www.csoonline.com/article/3951147/infostealer-malware-poses-potent-threat-despite-recent-takedowns.html

Category & Tags: Data and Information Security, Malware, Ransomware
