A blog post from May 2023 highlighted the risks of downloading software from untrustworthy sources, in particular how often malware is bundled into pirated software. The warning aimed to educate the public about the dangers of such practices and encourage safer alternatives.
The ESET Threat Report for the first half of 2024 then recorded a significant increase in detections of information-stealing malware. These programs were found not only in pirated Windows games and cheating tools but also posing as generative AI tools. On Android, the GoldDigger malware was detected, while the Ebury campaign had been targeting UNIX-like operating systems for over a decade, stealing data such as credit card details and cryptocurrency.
Analysis of infostealer detections over a two-year period showed consistent activity with intermittent drops around the holiday season. Speculation about the reasons for these drops ranged from reduced computer usage by potential victims to breaks taken by the criminals themselves, who now operate as organized enterprises that resemble businesses.
The top ten infostealers identified by ESET accounted for over 56% of all detections, with Agent Tesla leading at 16.2%. Windows-based malware dominated the detections, but web-based information stealers were also identified, albeit with lower encounter rates; since those rates reflect only ESET's own customer base, they may understate the reach of such stealers among users of other products.
It is essential to acknowledge that different security companies may report varying encounter rates for malware due to factors like threat classification methodologies, customer profiles, and usage contexts. This diversity underscores the importance of comprehensive threat intelligence analysis to understand the evolving landscape of cyber threats.
Information stealers fall under a dedicated threat category that ESET terms Infostealer, reflecting the growing prevalence of malware designed to harvest sensitive data. These programs target a wide range of information, including usernames, passwords, financial details, and session tokens, exploiting weaknesses in software and in user behavior alike. Stolen session tokens are especially valuable because they let an attacker reuse an already-authenticated session without knowing the password or completing a second factor.
The profitability of information theft has led to crimeware-as-a-service models, in which criminals rent or buy the malware and customize its functionality to their objectives. Recovery for victims is involved: the infected system must be thoroughly cleaned or rebuilt, every credential stored or used on it must be changed, and active sessions must be revoked, because changing a password does not by itself invalidate a session token that has already been copied.
After an information-stealing incident, users are advised to adopt robust password management, enable two-factor authentication, and stay informed about emerging threats. Reporting the incident to the affected financial institutions and to law enforcement can help recover funds and limit further misuse of compromised accounts.
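The recovery advice above hinges on a detail that is easy to miss: a password change leaves an exfiltrated session token valid unless the server also revokes outstanding sessions. The following is an added example, not code from the ESET report or from any product it discusses, showing a minimal server-side session model in which each user carries a `session_epoch` that is embedded in every token at issue time; credential rotation bumps the epoch, so a token stolen from the victim's browser profile fails validation even though its signature is still intact. The signing key, user names and passwords are constructed for the demonstration.

```python
"""Added example: why password rotation alone does not evict a stolen session token.

Constructed demo (not from the original article). Every issued token embeds the
user's current `session_epoch`; a recovery path that bumps the epoch invalidates
all tokens minted before the incident, while a password-only change does not."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Demo-only signing key; a real service would load this from a managed secret.
SERVER_KEY = b"constructed-example-signing-key"
PBKDF2_ROUNDS = 100_000


@dataclass
class User:
    name: str
    pw_salt: bytes
    pw_hash: bytes
    session_epoch: int = 0  # bumped on every credential-rotation-with-revocation


USERS: Dict[str, User] = {}  # in-memory stand-in for the user store


def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def register(name: str, password: str) -> None:
    salt = secrets.token_bytes(16)
    USERS[name] = User(name, salt, _hash_pw(password, salt))


def _sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user: User, ttl_seconds: int = 3600) -> str:
    """Token = base64url(JSON claims) '.' hex(HMAC-SHA256 over the payload)."""
    claims = {"sub": user.name, "epoch": user.session_epoch,
              "exp": int(time.time()) + ttl_seconds}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{payload}.{_sign(payload)}"


def login(name: str, password: str) -> Optional[str]:
    user = USERS.get(name)
    if user is None:
        return None
    if not hmac.compare_digest(user.pw_hash, _hash_pw(password, user.pw_salt)):
        return None
    return issue_token(user)


def validate_token(token: str) -> Optional[str]:
    """Return the authenticated user name, or None if the token is rejected."""
    try:
        payload, sig = token.split(".", 1)
    except ValueError:
        return None
    if not hmac.compare_digest(sig, _sign(payload)):
        return None  # forged or tampered token
    claims = json.loads(base64.urlsafe_b64decode(payload))
    user = USERS.get(claims.get("sub", ""))
    if user is None or claims.get("exp", 0) < time.time():
        return None
    # The check a password-only recovery never triggers: the epoch baked into
    # the token must still match the user's current epoch.
    if claims.get("epoch") != user.session_epoch:
        return None
    return user.name


def change_password_naive(name: str, new_password: str) -> None:
    """Rotates the credential but leaves every existing session alive."""
    user = USERS[name]
    user.pw_salt = secrets.token_bytes(16)
    user.pw_hash = _hash_pw(new_password, user.pw_salt)


def change_password_and_revoke(name: str, new_password: str) -> None:
    """Rotates the credential AND invalidates all previously issued tokens."""
    change_password_naive(name, new_password)
    USERS[name].session_epoch += 1


def demo() -> Dict[str, bool]:
    """Walk through theft, naive recovery and proper recovery; return what still validates."""
    USERS.clear()
    register("alice", "correct horse battery")
    stolen = login("alice", "correct horse battery")  # copied by the infostealer
    results = {"stolen_valid_before": validate_token(stolen) == "alice"}
    change_password_naive("alice", "rotated once")
    results["stolen_valid_after_naive_change"] = validate_token(stolen) == "alice"
    change_password_and_revoke("alice", "rotated twice")
    results["stolen_valid_after_revoke"] = validate_token(stolen) == "alice"
    results["fresh_login_valid"] = validate_token(login("alice", "rotated twice")) == "alice"
    return results


if __name__ == "__main__":
    for step, still_valid in demo().items():
        print(f"{step}: {still_valid}")
```

Real session stores usually implement the same idea with a server-side session table that is purged on password reset, or with a per-user "not valid before" timestamp compared against the token's issue time; the epoch counter here is the smallest form of that check.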
Despite the persistent threat of information stealers and data breaches, individuals can adopt defensive strategies to safeguard their online identities and minimize the impact of cyberattacks. By following best practices such as using unique passwords, activating multi-factor authentication, and staying vigilant against suspicious activities, users can fortify their digital defenses and mitigate the risk of falling victim to malicious actors.