In the ever-evolving world of cybercrime, malware that specifically steals information has become a major tool in the hands of criminals. According to a recent report from Flashpoint, infostealers — malicious programs designed to harvest sensitive data — played a significant role in last year’s cyberattacks, capturing a staggering 2.1 billion credentials. This surge in stolen credentials has resulted in a range of attacks, from ransomware to breaches targeting critical infrastructure. The rise in infostealers is a concerning trend, given their effectiveness, accessibility, and low cost. The new findings paint a picture of an increasingly sophisticated threat landscape that organizations need to address urgently.
The Infostealer Trend
In 2024, cybercriminals used infostealers to steal 2.1 billion credentials, making up nearly two-thirds of the total 3.2 billion credentials compromised across all sectors. This represents a 33% increase in the number of credentials stolen compared to the previous year. Infostealers were responsible for infections on 23 million devices, the majority of which were running Microsoft Windows, with 70% of these infections targeting corporate systems. In contrast, only a small fraction of macOS devices were affected.
The infostealer market saw a variety of strains, with Redline being the most prolific. Redline alone accounted for 43% of all infections tracked by Flashpoint in 2024, affecting 9.9 million hosts. Other strains, such as RisePro, StealC, and Meta Stealer, also contributed significantly to the total number of infections. Infostealers gather sensitive data such as saved passwords, credit card details, cryptocurrency wallets, and browser cookies. This data is often sold on dark web marketplaces or used for further attacks, such as ransomware deployments or exploitation of system vulnerabilities.
The ease of access and low cost of infostealers make them a popular choice for cybercriminals. Flashpoint reports that infostealers typically cost around $200 per month and are readily available in underground forums. This accessibility makes them particularly dangerous, as even less technically skilled criminals can use them to launch large-scale attacks.
One of the most notable instances of infostealer abuse in 2024 involved the compromise of 165 Snowflake customer environments, where credentials stolen by infostealers led to the exposure of hundreds of millions of sensitive records. High-profile organizations, including AT&T and Ticketmaster, were impacted. This attack demonstrated the growing sophistication of cybercriminals who use stolen credentials not just for immediate financial gain, but as a gateway to even larger breaches and systemic attacks.
What Undercode Say:
The growing trend of infostealers highlights a significant shift in cybercriminal tactics. Rather than relying solely on brute-force methods or exploiting technical vulnerabilities, cybercriminals are increasingly focusing on obtaining the credentials and personal data that allow them to bypass security systems. By exploiting human error and weaknesses in systems, they are able to escalate their attacks and move laterally through networks, often undetected.
One of the reasons infostealers have become so successful is their versatility. Not only do they contribute to data breaches, but they also act as initial vectors for ransomware attacks, providing attackers with access to the systems they need to deploy further malicious payloads. In fact, the connection between infostealers and ransomware campaigns is a growing concern. Cybercriminals are using stolen credentials to bypass security measures, escalate privileges, and eventually deploy ransomware, causing massive damage to both organizations and their clients.
From a technical perspective, infostealers are designed to circumvent detection, making them particularly challenging to stop. They often come equipped with built-in anti-detection measures that allow them to avoid triggering traditional security alarms. Additionally, their ability to gather sensitive system information, such as saved passwords and cookies, provides attackers with valuable assets for further exploitation. This adaptability and stealth make infostealers a formidable tool in the cybercriminal’s arsenal.
The increase in infections and credential theft also signals a shift toward targeting supply chains and critical infrastructure. Many cybercriminals now see large enterprises and their service providers as high-value targets. By compromising the systems of smaller or intermediary organizations within these supply chains, attackers can gain access to sensitive data and wreak havoc on larger, more secure networks. This trend suggests that organizations must rethink their security strategies, ensuring that not only their own defenses are strong but also those of their partners and third-party vendors.
Moreover, infostealers are not just a problem for large corporations. Small businesses and individual users are also vulnerable, especially those who are not paying attention to cybersecurity basics like phishing awareness or proper password management. The ease with which these malware strains spread through phishing emails, fake software downloads, and secondary malware payloads means that nearly anyone with an internet connection can become a target. As such, the responsibility to secure systems falls on both individuals and organizations alike.
Fact Checker Results:
- Infostealers have indeed led to a significant increase in stolen credentials, as demonstrated by Flashpoint’s findings, with 2.1 billion credentials stolen last year.
- The trend of infostealers being used as entry points for ransomware attacks is backed by industry data, indicating a clear link between the two.
- While macOS devices are targeted, Windows devices remain the primary focus for infostealers, given their larger user base and the relative ease of targeting legacy components.
In conclusion, the rise of infostealers marks a new era in cybercrime, one where low-cost, accessible malware can wreak havoc on organizations of all sizes. With a growing number of infostealer strains on the market and their increasing use in ransomware campaigns, the threat landscape is evolving rapidly. Addressing this issue requires both technological and behavioral changes from organizations and individuals alike to stay ahead of the curve and protect sensitive data from falling into the wrong hands.
References:
Reported By: https://cyberscoop.com/infostealers-cybercrime-surged-2024-flashpoint/





