Info Stealers Thrive in Hot Market for Stolen Data
In the dubious race for popularity among cybercriminals, RedLine Stealer appears to be far and away attackers' top choice for malware built to steal lucrative and sensitive data, including cryptocurrency wallet and remote access credentials. Information-stealing malware, also known as info stealers, comes in a variety of forms. It facilitates the theft of credentials for accessing e-commerce accounts and bank accounts, the theft of session cookies and saved passwords from browsers, the bypassing of multifactor authentication, and the theft of other lucrative types of data. "Cybercriminals can sell the stolen credentials to impersonate victims, enter their corporate networks using a VPN, commit other kinds of fraud or sell such credentials to others," Trend Micro said in a new report.
Based on information uploaded to VirusTotal, Trend Micro said the RedLine info stealer wins the race for most downloaded. Other popular info stealers include LokiBot, Mars and Aurora, as well as Vidar, Raccoon and Rhadamanthys, it said.
The information most often stolen via info stealers, based on what shows up for sale, is browser data, including website credentials, especially to facilitate fraud and theft via e-commerce and banking sites. "This is not surprising, given that browser data is a treasure trove of sensitive information, including authentication cookies, stored credit cards, credentials, passwords and navigation history," the researchers wrote. Another top target is cryptocurrency wallet credentials, which attackers can potentially cash out directly. Also popular are chat app credentials, which researchers said attackers regularly abuse to try to socially engineer victims, for example via the "stranded traveler" scam. Stolen FTP, email app and VPN credentials are popular as well.
Healthcare Infosecurity 11/13/2023