Most enterprise chief information security officers (CISOs) are very familiar with infostealers, a pervasive breed of malware that quietly gathers website credentials, passwords, and other financial information from a compromised user account. Infostealers are nothing new; they have been a common tool in the threat actor’s toolbox since 2006, when the Zeus online banking Trojan was first spotted in the wild.
However, new research by the Uptycs research team has uncovered a stark increase in the distribution of infostealer malware over the past year. The study, “Stealers Are Organization Killers,” details a variety of new infostealers preying on Windows, Linux, and macOS systems. It shows that incidents more than doubled in the first quarter of 2023 compared with the same time last year.
But it’s not just the growth in the volume of infostealers that’s raising eyebrows among threat researchers and security analysts. More concerning is how criminal organizations are finding novel ways to customize, market, and deploy infostealer malware at an unprecedented scale.
The Rapidly Evolving Infostealer Market
Initially designed as simple, single-purpose malware, infostealers have become sophisticated tool sets with advanced evasion techniques and modular architecture. Some operators even use generative artificial intelligence (AI) to mimic human-like behaviors.
This transformation has been fueled not only by criminal groups’ relentless pursuit to infiltrate more systems but also by the emergence of new Web platforms that facilitate creating and deploying infostealers.
Building and deploying an infostealer once required basic coding and IT operations skills. These days, anyone with a laptop and as little as $50 in their bank account can kickstart their own malicious campaigns by signing up for a malware-as-a-service offering that can be found on any number of Dark Web forums.
Encrypted communications platforms like Telegram and Discord have become the favored emporium for operators and buyers. These platforms have also become popular vehicles for buying and selling pilfered data. Their intuitive interfaces and end-to-end encryption make them attractive to operations security-minded cybercriminals, infostealer gangs, and newcomers. Stolen logs are often advertised and traded in private channels or groups, with a growing volume of transactions occurring directly within the platforms.
Three Strategies to Mitigate Infostealer Threats
If these trends continue, there’s little doubt that the infostealer market — and the operators’ sophistication — will grow in scale and scope. CISOs should consider adopting the following three strategies to mitigate this growing threat:
A Step Ahead
The battle against infostealers is yet another example of the ongoing cycle of adaptation and counter-adaptation between threat actors and security teams. As we’ve seen before, staying one step ahead of malware operators will require a comprehensive strategy that encompasses advanced technology, constant vigilance, proactive threat hunting, and ongoing education.