Growing Threat from InfoStealers

Infostealers are a relatively new type of malware designed to steal confidential information from infected devices. Their rise began around 2018 and has been growing year by year, with more than 100M infected PCs worldwide by 2024.

This growth is driven by their strong commercial focus: they are at the heart of the modern cybercrime business.

The main goal of infostealers is to locate and exfiltrate sensitive information and sell it to other cybercriminals on dark web markets.

So, how does it happen?

- Pirated software
free licenses for Windows, Photoshop, game cheats, etc.

- Someone shared a link
in a game chat, on Discord,
WhatsApp, Facebook, or X

- From Google Ads
when you search for some rare software, you tend to trust a link from Google Ads

- Fake CAPTCHA request
you are asked to press Win+R and then
paste (Ctrl+C and Ctrl+V) a string containing code

And what does it look like inside?

Each infected device's data is stored in a folder tree like this:
[image: folder_structure_sample.jpg]
The files contain data stolen from the web browser and the operating system:
[image: comp_info_blured.jpg]
[image: passwords_blured.jpg]

Does 2FA protect account access? (Spoiler: NO!)

Web browser cookies represent an already-authenticated web session. Whatever the original authentication method (a passkey, an MFA-validated login, or a Single Sign-On (SSO) solution), one stolen cookie is all it takes to bypass the entire authentication and login process. Users' "fingerprints" are sold on dark markets.
[image: market.jpg]
[image: screen1.jpg]

Is that really serious?
How does this affect me personally or my business?

Personal damage:

Unauthorized access to documents: Gmail, Outlook, Dropbox, iCloud
(mostly used to get access to other services, sell account or send spam)
 
Steal money from: Crypto wallets, PayPal, Casinos, Wise, Revolut, Banks

Documents from desktop used for brute-force attacks on crypto wallets

Steal characters from games: Steam, Riot Games, Minecraft, etc.

Social media: Facebook, Instagram, X, Netflix
Messengers: Telegram, WhatsApp, Discord
used for reselling accounts or for malware spreading

Services: Uber, Axis, Ring, VPN, Vodafone, O2, ChatGPT, Amazon
Used to collect private data including purchase history, etc.

Sensitive data: Tinder, Pornhub, AdultFriendFinder, Baidu, OnlyFans, DNA collections, other medical services, or government sites for tax reports, etc.
used for blackmail

Business damage:

Unauthorized access to documents: Webmail, Jira, Zendesk, DropBox

Corporate access: SSO (Okta, Microsoft), VPN, SSH keys/certs

Corporate Messengers: Slack, Teams, Discord, Zoho, CRM/ERP systems

Other services: GitHub, AWS, Snowflake, ChatGPT, GoDaddy, LinkedIn

In 2024 alone, these companies were hacked via account-takeover attacks: attackers gained access to their Snowflake cloud databases using stolen credentials harvested from infostealer infections.

For instance, a Slack account cookie bought on the dark web for $10 led to the compromise of Electronic Arts' 780GB of game source code.

So what's the cure for InfoStealers?
There's no way to erase stolen data from the dark web.
Mitigation is the only option: continuous monitoring of new leaks and instant password and session resets.
Then, the moment your data is exposed, you'll hear it from us, not from the media or the headlines.
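The two points above, that a replayed cookie passes authentication even after MFA, and that the practical remedy is an immediate session reset, can be shown in a few lines of server-side logic. The following is an added example written for this page, not code from the page's author or from any product it describes: a minimal in-memory session store with a cookie-only check beside a hardened check that binds the session to the client context it was issued to, plus a revoke-all operation. The user name, client descriptors and timestamps are constructed for the demonstration.

```python
"""Added example: session-cookie replay versus bound sessions and revocation.

Not part of the original page. Everything below (user 'alice', the client
descriptors, the timestamps) is constructed for illustration.
"""
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Session:
    user: str
    issued_at: float
    mfa_passed: bool
    # HMAC of the client context (user agent + coarse network) the session was
    # issued to; stored as a digest so a dump of the store reveals nothing.
    context_digest: bytes
    revoked: bool = False


class SessionStore:
    def __init__(self, max_age_seconds: int = 8 * 3600):
        self._sessions: Dict[str, Session] = {}
        self._max_age = max_age_seconds
        self._key = secrets.token_bytes(32)  # server-side secret for the HMAC

    def _digest(self, user_agent: str, network: str) -> bytes:
        msg = f"{user_agent}|{network}".encode()
        return hmac.new(self._key, msg, "sha256").digest()

    def issue(self, user: str, mfa_passed: bool, user_agent: str,
              network: str, now: Optional[float] = None) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(
            user, now if now is not None else time.time(), mfa_passed,
            self._digest(user_agent, network))
        return token

    def validate_naive(self, token: str) -> Optional[str]:
        """Cookie-only check: whoever presents a live token is the user.
        MFA happened once at login; the cookie carries that proof onward."""
        s = self._sessions.get(token)
        if s is None or s.revoked:
            return None
        return s.user

    def validate_bound(self, token: str, user_agent: str, network: str,
                       now: Optional[float] = None) -> Optional[str]:
        """Hardened check: unexpired, not revoked, and presented from the same
        client context the token was issued to. A mismatch burns the session."""
        s = self._sessions.get(token)
        if s is None or s.revoked:
            return None
        now = now if now is not None else time.time()
        if now - s.issued_at > self._max_age:
            return None
        if not hmac.compare_digest(s.context_digest,
                                   self._digest(user_agent, network)):
            s.revoked = True  # treat a context mismatch as a stolen cookie
            return None
        return s.user

    def revoke_all(self, user: str) -> int:
        """The 'instant session reset': kill every live session for the user so
        any copy of the cookie stops working. Returns how many were revoked."""
        n = 0
        for s in self._sessions.values():
            if s.user == user and not s.revoked:
                s.revoked = True
                n += 1
        return n


def demo() -> dict:
    """Walk through legitimate use, a replay from another machine, and a reset."""
    store = SessionStore()
    t0 = 1_700_000_000.0
    own_ua, own_net = "Firefox/128 on Windows", "198.51.100.0/24"
    cookie = store.issue("alice", True, own_ua, own_net, now=t0)
    out = {}
    out["bound_legit"] = store.validate_bound(cookie, own_ua, own_net, now=t0 + 30)
    # The same cookie replayed from a different client context:
    out["naive_replay"] = store.validate_naive(cookie)
    out["bound_replay"] = store.validate_bound(
        cookie, "Chrome/124 on Linux", "203.0.113.0/24", now=t0 + 60)
    # The burned session no longer works for the real owner either (forces re-login).
    out["victim_after_replay"] = store.validate_bound(cookie, own_ua, own_net, now=t0 + 120)
    # Fresh login, then a leak notification arrives: revoke everything.
    cookie2 = store.issue("alice", True, own_ua, own_net, now=t0 + 200)
    out["revoked_count"] = store.revoke_all("alice")
    out["after_revoke"] = store.validate_naive(cookie2)
    return out


if __name__ == "__main__":
    print(demo())
```

The naive path accepts the replayed cookie outright, which is exactly why a stolen browser profile defeats MFA; the bound path rejects it and invalidates the session. Binding to an exact network is fragile for roaming clients, so real deployments use coarser signals and risk scoring alongside short session lifetimes, but the revoke-all step is the one that ends the exposure regardless of who holds the cookie.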