Cybercriminals are shifting their focus from large corporations to everyday users, employing Infostealer malware to quietly pilfer passwords, browser data, and access tokens from personal devices. A recent report indicates a staggering 500% increase in Infostealer activity over the past year, resulting in the theft of over 1.7 billion credentials, highlighting an unchecked escalation in this threat.
Industrialization of Credential Theft
In 2024, researchers at Fortinet identified a remarkable rise in the trading of stolen login information on the Dark Web, with 1.7 billion credentials being harvested from users’ devices rather than via traditional breaches. This approach relies on a type of malware known as Infostealers, designed specifically to extract sensitive data such as usernames, passwords, browser cookies, and even cryptocurrency wallets. Unlike exploits that break into centralized databases, Infostealers operate on individual computers, often without the victim’s knowledge.
Once compromised, these credentials are aggregated and sold by intermediaries to access brokers, who in turn supply them to various cybercriminal entities, including ransomware groups. This burgeoning market enables the purchase of verified credentials at scale, complete with region-specific pricing.
Fortinet’s latest report has found a dramatic 500% spike in the volume of logs linked to Infostealer infections over the last year. Some of the most common and dangerous Infostealers identified include Redline, Vidar, and Raccoon.
How Infostealers Operate
Infostealers are typically spread via phishing emails, harmful browser extensions, dubious software installers, or cracked applications. Once on a device, they scour local files for various types of sensitive data, including browser databases, saved passwords, and even FTP credentials.
A worrying aspect of these Infostealers is their ability to hijack session tokens and authentication cookies. Because a stolen token represents a session that has already passed the login step, attackers can replay it to bypass multifactor authentication and take control of an account without ever logging in themselves.
The gathered information is sent to command and control servers and may be used by the attackers themselves or bundled and sold in forums. This data can provide a rich profile of victims, including their IP address, geolocation, and comprehensive lists of sensitive credentials, paving the way for further exploitation.
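The session-token replay described above is something a web application can blunt on the server side. The following Python example, added here for illustration and not taken from the article or from Fortinet, shows one common mitigation: a session token is only honoured when presented from the client context it was issued to (a keyed hash of the observed IP address and User-Agent, both constructed values in the demo), it expires after a short idle window, and a "log out everywhere" routine revokes every session for a user after a suspected infection. The `SERVER_SECRET`, `IDLE_TIMEOUT_SECONDS`, class and function names are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical server-side session store (added example, not the article's code).
# It demonstrates a defence against stolen-cookie replay: a token is bound to the
# client context seen at login and expires after a short period of inactivity.

SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"  # assumption: a real app loads this from a secret store
IDLE_TIMEOUT_SECONDS = 15 * 60  # assumption: 15 minutes of inactivity invalidates the session


def client_fingerprint(ip: str, user_agent: str) -> str:
    """Keyed hash of attributes the server observes on every request."""
    msg = f"{ip}|{user_agent}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


class SessionStore:
    def __init__(self, now=time.time):
        self._now = now  # injectable clock so the expiry path can be exercised deterministically
        self._sessions = {}  # token -> {"user", "fingerprint", "last_seen"}

    def issue(self, user: str, ip: str, user_agent: str) -> str:
        """Create a fresh, unguessable token bound to the requesting client."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {
            "user": user,
            "fingerprint": client_fingerprint(ip, user_agent),
            "last_seen": self._now(),
        }
        return token

    def validate(self, token: str, ip: str, user_agent: str):
        """Return (user, "ok") for a valid token, otherwise (None, reason) for logging."""
        sess = self._sessions.get(token)
        if sess is None:
            return None, "unknown_token"
        if self._now() - sess["last_seen"] > IDLE_TIMEOUT_SECONDS:
            del self._sessions[token]
            return None, "idle_expired"
        presented = client_fingerprint(ip, user_agent)
        if not hmac.compare_digest(presented, sess["fingerprint"]):
            # A token replayed from a different device or network is the
            # infostealer replay pattern: revoke it, not just this request.
            del self._sessions[token]
            return None, "fingerprint_mismatch"
        sess["last_seen"] = self._now()
        return sess["user"], "ok"

    def revoke_all_for_user(self, user: str) -> int:
        """What a 'log out everywhere' button should do after a suspected infection."""
        doomed = [t for t, s in self._sessions.items() if s["user"] == user]
        for t in doomed:
            del self._sessions[t]
        return len(doomed)


if __name__ == "__main__":
    # Constructed walk-through: legitimate use, then a replay from another network.
    store = SessionStore()
    tok = store.issue("alice", "203.0.113.5", "Firefox/128")
    print(store.validate(tok, "203.0.113.5", "Firefox/128"))   # ('alice', 'ok')
    print(store.validate(tok, "198.51.100.9", "Chrome/124"))   # (None, 'fingerprint_mismatch')
    print(store.validate(tok, "203.0.113.5", "Firefox/128"))   # (None, 'unknown_token') - revoked
```

Binding to the IP address is a trade-off: users on mobile networks change addresses often, so many deployments bind only to attributes that are stable for a device and rely on the idle timeout plus a periodic re-authentication for sensitive actions instead. The fingerprint also does not help if the stealer captures the same attributes it is built from, so it complements, rather than replaces, short token lifetimes and a working "revoke all sessions" control.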
5 Ways to Protect Yourself from Infostealer Malware
As the threat from Infostealers grows, protecting your data requires a blend of smart practices and reliable tools. Here are five effective strategies:
1. Use a Password Manager: Many Infostealers target saved passwords in browsers. A dedicated password manager is a safer option. The best ones even include a Data Breach Scanner to alert you if your information has been compromised.
2. Enable Two-Factor Authentication (2FA): This adds an essential layer of security by requiring a secondary verification step. Even if attackers get your passwords, 2FA can keep them locked out of your accounts.
3. Use Robust Antivirus Software: Infostealer malware often infiltrates systems via malicious downloads or phishing attempts. Ensure you have reliable antivirus software on all devices to detect and block these threats. Always be cautious about where you download software or files.
4. Keep Software Updated: Outdated software can be an easy target for cybercriminals. Regularly updating your operating system, browsers, and security software helps eliminate known vulnerabilities.
5. Consider Data Deletion Services: These services aid in erasing your personal information from data broker sites, which can reduce the risk of identity theft. While they may not guarantee complete data removal, they offer peace of mind by systematically monitoring and deleting sensitive information.
In summary, this 1.7 billion credential leak is a stark reminder of the evolving landscape of cybercrime, highlighting how easily unsuspecting individuals can become targets. If you’ve stored passwords in browsers or clicked suspicious links, your information might already be compromised.
