Infostealer

In computing, infostealers are a form of malicious software, created to breach computer systems to steal sensitive information—including login details, financial information, and other personally identifiable information. The stolen information is then packaged, sent to the attacker, and often traded on illicit markets to other cybercriminals.

Infostealers usually consist of two parts: the bot framework that allows the attacker to configure the behaviour of the infostealer on the victim's computer, and a management panel that takes the form of a server to which the infostealer sends data. Infostealers infiltrate devices through phishing attacks, infected websites, and malicious software downloads, including video game mods and pirated software, among other methods. Once downloaded, the infostealers gather sensitive information about the user's device and send the data back to the server.

Infostealers are usually distributed under the malware-as-a-service (MaaS) model, where developers allow other parties to use their infostealers for subscription fees. This allows people with different levels of technical knowledge to deploy an infostealer. The functionality of infostealers can vary, with some focused on data harvesting, while others offer remote access that allows additional malware to be executed. Stolen data may then be used in spearphishing campaigns for other cyber-attacks, such as the deployment of ransomware.

The proliferation of infostealer-as-a-service providers has contributed to an increase in the number of cybersecurity incidents involving infostealers. The number of stolen data logs being sold on the Russian Market, a cybercrime forum, has increased significantly since 2022. According to Kaspersky's research in mid-2023, 24% of malware offered as a service are infostealers.