Infostealers fueled cyberattacks and snagged 2.1B credentials last year – CyberScoop

Cybercriminals used information-stealing malware to a devastating effect last year, capturing sensitive data that fueled ransomware, breaches and attacks targeting supply chains and critical infrastructure, according to a new report.
Infostealers were used to steal 2.1 billion credentials last year, accounting for nearly two-thirds of 3.2 billion credentials stolen from all organizations, Flashpoint said in a report released Tuesday. By targeting identity and access, cybercriminals stole 33% more credentials in 2024 compared to the previous year. More than 200 million credentials were already stolen in the first two months of this year.
“Infostealers are proving to be incredibly versatile, contributing to account takeover, increasing data breach totals, acting as initial access vectors to ransomware, as well as assisting in exploitation via vulnerabilities,” Ian Gray, vice president of intelligence at Flashpoint, said in an email.
“Stealers have increasingly become the initial access vector for ransomware campaigns by stealing credentials, system information and browser data,” Gray said. “This information can also lead to other types of cyberattacks or malware deployments — using stolen credentials to bypass security measures, move laterally, and escalate privileges.”
Flashpoint researchers tracked infostealer infections to 23 million hosts and devices last year, the majority of which were running on the Microsoft Windows operating system. Nearly 7 in 10 infostealer infections on Windows devices targeted corporate systems.
Some infostealer strains target macOS devices, which have stricter system protections, but Windows’ larger user base, extensive legacy components, and established malware development tools make Windows systems the more attractive and profitable targets, Gray said.
Flashpoint found 24 unique infostealer strains listed for sale on illicit marketplaces last year. One strain in particular, Redline, infected 9.9 million hosts, or 43% of all infostealer infections observed by Flashpoint in 2024.
The next four most-prolific infostealers in 2024, RisePro, StealC, Lumma Stealer and Meta Stealer, infected a combined 7 million hosts. Many infostealer strains are designed to circumvent specific security controls and avoid detection.
Cybercriminals used credentials captured from at least six infostealer strains — including Vidar, RisePro, Redline, Raccoon, Lumma Stealer and Meta Stealer — to break into as many as 165 Snowflake customer environments in April 2024. The attack spree exposed hundreds of millions of sensitive records and impacted large enterprises, including AT&T, Ticketmaster, Advance Auto Parts and others.
“Infostealers are effective tools due to their low costs, ease of use, and accessibility,” Gray said. “Inherently, this is a force multiplier as it can allow a single threat actor to compromise an organization at scale, without them needing to have any deep technical knowledge.”
Cybercriminals use infostealers to harvest system information, saved credit cards, cryptocurrency wallets, autofill information, account credentials and active session cookies stored in browsers. Infostealers infect devices via common initial access vectors, including phishing, illegitimate software downloads and secondary malware payloads.
Infostealers catalog and consolidate file directories and registry keys into a compressed file format and send the data to a remote server. Cybercrime facilitators package these credentials or logs for future attacks or sell the stolen data to affiliates.
Infostealers cost an average of $200 per month last year, according to Flashpoint. “They are easy to use and are readily available on underground forums and dark web marketplaces,” Gray said. “Going forward in 2025, it is highly likely that infostealers will help propel future breaches as well as ransomware attacks.”