Infostealers Explained

What are infostealers?

Infostealers (also known as stealers) are very unpleasant pieces of malware that sneak onto people's computers to steal their personal information. They take things like usernames, passwords, and even credit card numbers and send them back to the hackers controlling them. A recent IBM report suggests that in 2023 the criminal use of infostealers went up by more than 300%!

Why are infostealers so dangerous?

Stealers are able to hoover up large amounts of information from victims’ computers in a matter of seconds. In 2022, SpyCloud found around 721 million pieces of information on the dark web that had been stolen by stealers. Hackers, scammers, and criminals can use this stolen information to scam you and other people, steal money, and take over online accounts. And because they’re so fast-acting, they’re almost untraceable, meaning victims often have no idea they have been attacked.

What do infostealers steal?

Infostealers can take lots of different kinds of information from a computer:

Login credentials: This means usernames, passwords, and the small tokens called session cookies that let you stay logged into online accounts for weeks at a time.

Financial information: They can also take credit card numbers and bank details that you may have stored on your internet browser or computer.

Identity data: This includes things like social security numbers, addresses, insurance details, and phone numbers.
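To show why a stolen session cookie matters as much as a stolen password, here is an added illustration (not Guardio's code, and not any particular website's login code) of a minimal server-side session store. The cookie is just a random string; once an infostealer has copied it, the server cannot tell the copy from the original, so what limits the damage is what the server does with sessions: hashing them at rest, giving every login an absolute lifetime (assumed here to be one week), and revoking every session when the password is changed. The timeline function walks through a constructed scenario with an assumed user name and clock.

```python
import hashlib
import secrets

# Added illustration, not Guardio's code: a minimal server-side session
# store showing why a stolen session cookie is valuable and which server
# rules limit that value.

MAX_AGE_SECONDS = 7 * 24 * 3600  # assumed absolute lifetime of a login (one week)


def _key(cookie: str) -> str:
    # Store only a hash of the cookie, so a leaked session table is not
    # itself a pile of replayable cookies.
    return hashlib.sha256(cookie.encode("utf-8")).hexdigest()


class SessionStore:
    def __init__(self, max_age_seconds: int = MAX_AGE_SECONDS):
        self.max_age = max_age_seconds
        self._sessions: dict[str, dict] = {}  # cookie hash -> {"user", "issued"}

    def issue(self, user: str, now: float) -> str:
        """Log the user in and return the cookie value to set in the browser."""
        cookie = secrets.token_urlsafe(32)  # 256 bits of randomness, unguessable
        self._sessions[_key(cookie)] = {"user": user, "issued": now}
        return cookie

    def lookup(self, cookie: str, now: float):
        """Return the user for a presented cookie, or None if it is not valid."""
        record = self._sessions.get(_key(cookie))
        if record is None:
            return None
        if now - record["issued"] > self.max_age:
            del self._sessions[_key(cookie)]  # expired: forget it
            return None
        return record["user"]

    def revoke_all(self, user: str) -> int:
        """Invalidate every session of a user (call on password change or when an
        account is reported compromised). Returns how many sessions were dropped."""
        doomed = [k for k, r in self._sessions.items() if r["user"] == user]
        for k in doomed:
            del self._sessions[k]
        return len(doomed)


def stolen_cookie_timeline() -> dict:
    """Constructed scenario: the victim logs in, an infostealer copies the
    cookie, and the server applies its rules over time."""
    store = SessionStore()
    t0 = 1_700_000_000.0  # constructed clock start
    victim_cookie = store.issue("alice", t0)  # assumed user name
    stolen_copy = victim_cookie  # the exfiltrated bytes are identical to the real cookie

    results = {}
    # One hour later the copy is presented from another machine. Nothing in
    # the cookie itself says who is holding it, so the server accepts it.
    results["replay_after_1h"] = store.lookup(stolen_copy, t0 + 3600)
    # The victim changes her password; the application revokes all sessions.
    results["sessions_revoked"] = store.revoke_all("alice")
    results["replay_after_revoke"] = store.lookup(stolen_copy, t0 + 7200)
    # A fresh login that is never revoked still ages out after max_age.
    fresh = store.issue("alice", t0 + 7200)
    results["fresh_before_expiry"] = store.lookup(fresh, t0 + 7200 + 6 * 24 * 3600)
    results["fresh_after_expiry"] = store.lookup(fresh, t0 + 7200 + 8 * 24 * 3600)
    return results


if __name__ == "__main__":
    for name, value in stolen_cookie_timeline().items():
        print(f"{name}: {value}")
```

The first lookup succeeding is the whole risk: a copied cookie is a working login with no password prompt. The two mitigations the store demonstrates (revoke-on-password-change and a hard expiry) are what turn a stolen cookie from a weeks-long key into a short-lived one, which is why changing the password after an infection matters even when the attacker never learned it.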

How do infostealers get onto your computer?

Infostealers can sneak onto someone's computer in several clever ways.

Phishing emails are probably the most common method. This is when hackers send out emails that look like they're from a trustworthy source, like a bank or an online store. When someone clicks on a link or downloads an attachment from these emails, the infostealer gets onto their computer.

Malicious websites are another way infostealers can infect a computer. If someone visits a website that has been compromised or set up by cybercriminals, the infostealer can be downloaded onto their computer without them knowing.

Infected downloads are also a risk. Sometimes, people download software or files that seem harmless but are actually carrying an infostealer. This can happen with things like game mods or free software from unreliable sources.

Malicious ads can also lead to infostealer infections. These ads can be found on popular websites and may contain hidden code that downloads the infostealer onto a computer when clicked on.

SEO poisoning is another method. Cybercriminals manipulate search engine results to lead people to malicious websites where the infostealer is waiting to infect their computer.

Lastly, malicious links in popular platforms like YouTube can also lead to infostealer infections. These links can be found in video descriptions or comments and can lead to the automatic download of the infostealer when clicked on.

What are some of the most common infostealers around today?

There are a lot of infostealers around - too many to list here. But here are some of the most common: 

  • RedLine: A sophisticated infostealer that aims to capture a variety of sensitive information from infected computers.
  • Raccoon: Specializing in browser data theft, Raccoon is known for stealing credit card information and login credentials.
  • Vidar: Designed to target personal information, Vidar also focuses on stealing cryptocurrency wallets from infected devices.
  • Lumma: Lumma is a data-stealing infostealer that can capture keystrokes, clipboard data, and browser form information.
  • AMOS Atomic: This infostealer is specifically designed to steal sensitive data from cryptocurrency wallets.
  • Taurus: A versatile infostealer, Taurus is capable of stealing a wide range of information, including financial and personal data.
  • Rhadamanthys: Known for its ability to steal various types of information, Rhadamanthys targets login credentials and browser cookies.
  • ZLoader: Initially targeting banking information, ZLoader is designed to steal financial data but can also collect a range of other sensitive information.
  • TrickBot: Originally focused on banking details, TrickBot has evolved to steal various types of information, including financial data and login credentials.
  • FormBook: Targeting businesses, FormBook captures typed, copied, and form-filled data from infected computers.
  • Pony/FareIT: A versatile infostealer, Pony/FareIT can steal a broad array of information, including login details and digital currencies like Bitcoin.

How to detect and respond to infostealers

It's really important to be careful and watch out for signs that your computer might be infected with an infostealer. Even if you have antivirus software on your computer, it might not always catch the malware.

  • Make sure you’re using Guardio - it will always stop you from clicking on a link or opening a file that will infect your computer with malware.
  • Make sure you set up and enable two-factor authentication (2FA, also called multi-factor authentication or MFA) on your online accounts. You may think it’s an annoying inconvenience or a waste of time, but features like this are sometimes all that’s keeping a criminal from accessing your life savings.
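One concrete way a defender can watch for an infostealer, added here as an illustration rather than a description of how Guardio or any antivirus product works, is to look at which programs read the browser's saved-password and cookie files. A browser reading its own "Login Data", "Web Data", "Cookies" (Chromium-based browsers) or "logins.json", "key4.db", "cookies.sqlite" (Firefox) files is normal; any other program doing so, and especially one touching several browsers' stores within a few seconds, is a strong sign of a stealer at work. The events below are constructed sample telemetry with an assumed user name and invented process names; the browser allow-list is an assumption to adjust per machine.

```python
from pathlib import PureWindowsPath

# Added illustration, not Guardio's product logic: a detection rule over
# constructed file-access telemetry. Infostealers read the browser's
# credential and cookie databases directly; a browser reading its own files
# is normal, any other process doing so is worth an alert.

# Well-known on-disk credential/cookie stores (Chromium-based browsers and Firefox).
CHROMIUM_STORES = {"login data", "web data", "cookies"}
FIREFOX_STORES = {"logins.json", "key4.db", "cookies.sqlite"}

# Processes that legitimately own those files (assumed allow-list; extend per fleet).
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}

# Constructed sample events: (timestamp in seconds, process image name, file path read).
# "update_helper.exe" and "backup.exe" are invented names, not real malware.
SAMPLE_EVENTS = [
    (100, "chrome.exe",        r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (101, "firefox.exe",       r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json"),
    (102, "explorer.exe",      r"C:\Users\alice\Documents\cookies.txt"),
    (140, "update_helper.exe", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (141, "update_helper.exe", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"),
    (142, "update_helper.exe", r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\key4.db"),
    (300, "backup.exe",        r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Web Data"),
]


def is_credential_store(path: str) -> bool:
    """True if the path is a browser credential or cookie database."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    parts = [s.lower() for s in p.parts]
    # Require the browser profile directory too, so a random file called
    # "cookies" elsewhere does not trip the rule.
    if name in CHROMIUM_STORES and "user data" in parts:
        return True
    if name in FIREFOX_STORES and "profiles" in parts:
        return True
    return False


def flag_events(events):
    """Return every (ts, process, path) where a non-browser process read a credential store."""
    return [e for e in events
            if is_credential_store(e[2]) and e[1].lower() not in BROWSER_PROCESSES]


def score_processes(events, window=60):
    """Group flagged reads by process. A process that touches stores of more than
    one browser family within `window` seconds is rated high; a single read medium."""
    by_proc = {}
    for ts, proc, path in flag_events(events):
        by_proc.setdefault(proc, []).append((ts, path))
    scored = {}
    for proc, reads in by_proc.items():
        reads.sort()
        first, last = reads[0][0], reads[-1][0]
        families = set()
        for _, path in reads:
            name = PureWindowsPath(path).name.lower()
            families.add("firefox" if name in FIREFOX_STORES else "chromium")
        severity = "high" if len(families) > 1 and last - first <= window else "medium"
        scored[proc] = {"reads": len(reads), "browsers": sorted(families), "severity": severity}
    return scored


if __name__ == "__main__":
    for proc, info in score_processes(SAMPLE_EVENTS).items():
        print(f"{proc}: {info}")
```

On the sample data the two browser reads and the unrelated "cookies.txt" are ignored, the single read by the backup program is reported at medium severity, and the invented helper process that sweeps both Chrome and Firefox stores in three seconds is rated high. The same rule shape works on real endpoint telemetry that records process name and file path, with the allow-list and paths adjusted for the browsers actually installed.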