Future Skill

Advisory: Info-Stealer Malware – Threat And Mitigations

An information stealer (info-stealer) is a class of malware designed to steal critical or sensitive information, such as login credentials, personal identification details, financial information and other confidential data, from the victim's systems. In most cases, info-stealers take data that cyber criminals can monetise in many ways, such as extorting ransom, or abusing stolen credit card details, cookies, cryptocurrency wallets, VPN client data, and private photos and documents that can be used for blackmail.

The stolen confidential data is often sold on the darknet or other underground marketplaces, where cybercriminals purchase it and use it for further malicious activities.

Info-stealer malware typically persists in the compromised environment, and it is commonly operated under the Malware-as-a-Service (MaaS) paradigm.

Infection Strategy: 

Info-stealers are available for multiple platforms, such as Windows and Linux. This malware type aims to steal sensitive information, including saved login credentials, session tokens and much more. Malicious actors can use this information to bypass multifactor authentication (MFA) and gain immediate access to user accounts.

The majority of malware infections arise from spam emails, either through attachments or malicious links. The same deception techniques used in spam emails are also applied via SMS, WhatsApp, Facebook Messenger and even phone calls.

Once deployed on a victim's system, the malware begins collecting sensitive information and transmits the gathered data to the attacker, who may use it for identity theft, blackmail or financial fraud, among other purposes.
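The behaviour described above (a process harvesting saved logins or session cookies and then sending them out) is what a defender can look for in endpoint telemetry. The following is an added example, not part of the original advisory: a small detection routine that flags a non-browser process reading a Chromium-style credential or cookie store and then opening an outbound connection within a short window. The telemetry line format, the sample events, the process names and the remote addresses are all constructed for the example; the store paths assume the standard Chromium "User Data\Default" layout.

```python
"""Toy detection rule for info-stealer behaviour (added example, constructed data):
a process that is not a browser reads a browser credential/cookie store and then
makes an outbound connection shortly afterwards."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# File suffixes under a Chromium-style profile that hold saved logins and session
# cookies (assumption: standard Chromium "User Data\Default" layout).
CREDENTIAL_STORE_MARKERS = (
    r"\user data\default\login data",
    r"\user data\default\network\cookies",
    r"\user data\default\cookies",
)
# Processes expected to touch those files legitimately (constructed allow-list).
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe"}


@dataclass
class Event:
    ts: int        # seconds since epoch (constructed)
    pid: int
    image: str     # process image name, lower-cased
    kind: str      # "file_read" or "net_connect"
    target: str    # file path or remote host:port


def parse_event(line: str) -> Event:
    """Parse one pipe-separated telemetry line (constructed format): ts|pid|image|kind|target."""
    ts, pid, image, kind, target = line.split("|", 4)
    return Event(int(ts), int(pid), image.lower(), kind, target)


def touches_credential_store(path: str) -> bool:
    """True when the path ends with one of the known credential/cookie store names."""
    lowered = path.lower()
    return any(lowered.endswith(marker) for marker in CREDENTIAL_STORE_MARKERS)


def detect_stealer_behaviour(lines: List[str], window_s: int = 300) -> List[Dict]:
    """Return one alert per non-browser process that read a credential store and
    then connected out within `window_s` seconds of the first such read."""
    events = sorted((parse_event(l) for l in lines if l.strip()), key=lambda e: e.ts)
    reads: Dict[int, List] = defaultdict(list)   # pid -> [(ts, path), ...]
    alerts: List[Dict] = []
    for e in events:
        if e.image in BROWSER_PROCESSES:
            continue                              # browsers may read their own stores
        if e.kind == "file_read" and touches_credential_store(e.target):
            reads[e.pid].append((e.ts, e.target))
        elif e.kind == "net_connect" and reads[e.pid]:
            first_ts, _ = reads[e.pid][0]
            if e.ts - first_ts <= window_s:
                alerts.append({
                    "pid": e.pid,
                    "image": e.image,
                    "files": [path for _, path in reads[e.pid]],
                    "remote": e.target,
                })
                reads.pop(e.pid)                  # one alert per process
    return alerts


# Constructed sample telemetry: a browser reading its own store (benign), an
# unknown process reading two stores and connecting out (suspicious), and a
# backup tool reading an unrelated file before connecting out (benign).
SAMPLE_TELEMETRY = [
    r"1700000000|4120|chrome.exe|file_read|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"1700000005|7788|invoice_viewer.exe|file_read|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"1700000006|7788|invoice_viewer.exe|file_read|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies",
    r"1700000009|7788|invoice_viewer.exe|net_connect|203.0.113.10:443",
    r"1700000100|5001|backup.exe|file_read|C:\Users\alice\Documents\notes.txt",
    r"1700000101|5001|backup.exe|net_connect|192.0.2.5:443",
]

if __name__ == "__main__":
    for alert in detect_stealer_behaviour(SAMPLE_TELEMETRY):
        print(f"ALERT pid={alert['pid']} image={alert['image']} -> {alert['remote']}")
        for path in alert["files"]:
            print(f"    read {path}")
```

In practice the same rule maps onto EDR or Sysmon file-access and network events; the allow-list of browser processes and the time window are the two knobs that trade false positives against missed short-lived stealers, which typically read every store and exfiltrate within seconds.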

Information stealers can infect systems in a variety of ways, and a few of them are given below:

Several info-stealer malware families have proven dangerous for organisations. For example, the RedLine info-stealer is distributed through phishing emails and can steal a wide variety of data, including passwords, credit card details and cryptocurrency wallets. The Vidar info-stealer is spread by downloading a spoofed application from an untrusted source; after infection, the malware searches for and steals sensitive information such as account credentials, browser history, saved passwords and cryptocurrency wallet data. The Raccoon info-stealer targets various applications, such as Chrome and Opera, to extract data, compromising critical sensitive information such as credentials and account details.

Other information stealer malware families are actively operating across the globe, and a list of them is given below:

RisePro Stealer, MintStealer, Aurora Infostealer, VectorStealer, Titan Stealer, Graphiron, WhiteSnake Stealer, Stealc Stealer, Umbral Stealer, Mystic Stealer, STRRAT Stealer, Eternity Stealer, Laplas Stealer, Lumma Stealer, GraphicalProton, Sapphire Stealer, Phemedrone Stealer, Easy Stealer Malware, Atomic STEALER, TurkoRAT and Lucifer malware, etc.

This class of malware continues to grow in functionality and infection capability, and the list of info-stealers keeps increasing as attackers pay more attention to their development.

Removal tools: 

The CSK Free Bot Removal Tool (FBRT) utility may be used to detect and remove specific malware/viruses from affected Windows devices.

Countermeasures against info-stealers: 

References: 