How Cybercriminals Target the Unwary with Info Stealers
A Malware Designed to Harvest Information is Evolving
Cybersecurity is something that affects the real estate industry and our daily lives. In honor of Cybersecurity Awareness Month, Stewart Chief Information Security Officer, Genady Vishnevetsky, is sharing insight into cybercriminals’ latest tactics that may affect real estate professionals and consumers alike. In this blog, he shares a detailed review of “info stealer” malware.
In the digital age, our online presence has become an integral part of our lives, facilitating communication, work and entertainment. Identity is king and user credentials are the key to that kingdom. Imagine a bad actor gaining access, not to a single credential through a phishing email, but to every credential ever used or stored on your computer. That would be a treasure trove for the criminal. Welcome to the world of info stealers.
What is an “info stealer”?
Info stealers, a type of malware designed to harvest sensitive information from infected systems, have undergone a significant evolution. From their modest beginnings to their current sophisticated forms, info stealers have evolved to become more accessible, affordable and lethal. This evolution is a crucial aspect of the changing cybersecurity landscape that every internet user should be aware of.
Info stealers first emerged in the early 2000s, primarily targeting passwords and basic login credentials. These early versions were relatively simple and often spread through phishing emails or malicious attachments. However, as cybersecurity measures improved, so did the sophistication of info stealers.
What kind of sensitive information does this malware steal?
Over the years, info stealers have evolved to target a wide array of sensitive data, including session IDs and cookies, credit card details, bank account numbers, cryptocurrency wallets, personal information like names, email addresses, home addresses, phone numbers, and date of birth, as well as technical details like IP addresses, operating system details and installed software. This breadth of data makes them a significant threat to your online security.
How does info stealer malware work?
Info stealers achieve their objectives through these commonly used capabilities:
- Keylogging: Records keystrokes to capture usernames, passwords, and other critical information.
- Form Grabbing: Intercepts data entered into web forms before it is encrypted and sent over the Internet.
- Clipboard Monitoring: Steals information copied to the clipboard, such as passwords or credit card numbers.
- Credential Dumping: Extracts stored passwords from browsers and other applications.
This expansion in capabilities has been driven by the development of new variants and the adoption of advanced techniques, such as:
- Malware-as-a-Service (MaaS) models: Making it easier for cybercriminals to acquire and deploy info stealers without needing extensive technical knowledge.
- Artificial Intelligence (AI) integration: Using AI to automate and optimize info-stealing strategies, such as creating more convincing social engineering campaigns.
- Emerging threat actors: New players entering the market with upgraded capabilities, evasion techniques, and business models.
Today, info stealers are more accessible and affordable than ever. The dark web and Telegram channels have become hotspots for purchasing stolen data and malware tools, with prices starting as low as $120 per month. This accessibility has led to a surge in the number of stealers being developed and in their use in various cyberattacks. Attackers exploit social media platforms to steal credentials and fuel sophisticated social engineering attacks. They also use MFA fatigue attacks, bombarding victims with MFA prompts to gain unauthorized access. The shift towards remote work has expanded the attack surface for info stealers, particularly with BYOD (Bring Your Own Device) policies and the blurring of personal and professional data boundaries.
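On the defensive side, the MFA fatigue pattern described above leaves a recognizable trace in sign-in logs: a burst of rejected prompts, sometimes ending in one approval. The following is an added example, not part of the original blog; the event format, the 10-minute window and the threshold of five rejected prompts are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, MFA prompt result).
# The tuple layout and result names are hypothetical, not a real product's log format.
SAMPLE_EVENTS = (
    # alice: one mistaken denial followed by a normal approval
    [("2024-10-01T09:00:05", "alice", "denied"),
     ("2024-10-01T09:00:40", "alice", "approved")]
    # bob: six denied prompts in six minutes, then an approval
    + [(f"2024-10-01T02:1{m}:00", "bob", "denied") for m in range(6)]
    + [("2024-10-01T02:15:30", "bob", "approved")]
    # carol: five ignored prompts in five minutes, never approved
    + [(f"2024-10-01T03:0{m}:00", "carol", "timeout") for m in range(5)]
    # dave: five denials spread across five hours (no burst)
    + [(f"2024-10-01T{h:02d}:00:00", "dave", "denied") for h in range(10, 15)]
)

def detect_mfa_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag users with `threshold` or more rejected prompts inside `window`.

    Returns {user: {"rejected": n, "approved_after_burst": bool}}. A burst that
    ends in an approval is the case to investigate first, because the victim
    may have given in to the prompts.
    """
    recent = defaultdict(deque)  # user -> times of rejected prompts still in window
    alerts = {}
    for ts, user, result in sorted(events):  # same-format ISO strings sort by time
        when = datetime.fromisoformat(ts)
        q = recent[user]
        while q and when - q[0] > window:    # drop prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(when)
            if len(q) >= threshold:
                a = alerts.setdefault(user, {"rejected": 0, "approved_after_burst": False})
                a["rejected"] = max(a["rejected"], len(q))
        elif result == "approved":
            if len(q) >= threshold:
                a = alerts.setdefault(user, {"rejected": len(q), "approved_after_burst": False})
                a["approved_after_burst"] = True
            q.clear()                        # an approval ends the current burst
    return alerts

if __name__ == "__main__":
    for user, info in detect_mfa_fatigue(SAMPLE_EVENTS).items():
        print(user, info)
```

An alert with `approved_after_burst` set to true warrants revoking the user's active sessions and resetting the password, since the approval may have been the attacker's.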
What are common ways this type of malware spreads?
Info stealers use traditional methods to propagate, many of them decades old. Here are some common ones to be aware of:
- Phishing Emails: These emails are designed to trick users into providing sensitive information. They often appear to come from reputable sources and may create a sense of urgency, prompting users to click on malicious links or download infected attachments.
- Malicious Websites: Cybercriminals create websites that mimic legitimate ones to deceive users into entering their information. These sites can be spread through social media, search engine poisoning, or email links.
- Software Bundling: Info stealers can be bundled with legitimate software downloads. Inexperienced users might inadvertently install malware when downloading free software or updates from untrustworthy sources.
- Fake Technical Support: Scammers may pose as technical support agents, contacting users by phone or email and convincing them to install remote access software. Once granted access, they can install info stealers and other malware.
What are the dangers of info stealer malware?
Info stealers are extremely dangerous and can result in:
- Compromised confidentiality and harm to individuals and organizations.
- Identity theft, fraudulent financial transactions, and other criminal endeavors carried out with stolen data.
- Targeted campaigns that use stolen login credentials and employ ransomware and data extortion elements.
What steps can I take to protect myself from info stealer malware?
While the threat of info stealers is significant, there are steps users can take to protect themselves. Here are some practical tips:
- Education and Awareness: It is crucial to learn about common cyber threats and how to identify them. Users should be cautious of unsolicited emails, unfamiliar websites, unsolicited phone calls or SMS messages, and unexpected software downloads.
- Strong, Unique Passwords: Using strong and unique passwords for different accounts can prevent cybercriminals from accessing multiple accounts with a single set of credentials. Password managers can help users generate and store complex passwords.
- Regular Software Updates: Keeping operating systems, applications, and antivirus software up to date ensures that known vulnerabilities are patched, reducing the risk of malware infections.
- Antivirus and Anti-Malware Tools: Installing reputable anti-malware or endpoint detection and response (EDR) software can detect and block many threats before they can cause harm. Regular scans and real-time protection are essential.
- Developing Resiliency to Phishing: Do not overshare personal information. Resist clicking on links or downloading anything from social media platforms. You never know if your friend's or connection's account has been compromised.
Info stealers have evolved significantly over the years, becoming more sophisticated and dangerous. Their accessibility and affordability have made them a primary method for various cyberattacks.
We thank Genady for sharing this detailed review of info stealing malware and what to look out for. Stay tuned for more cyber security blogs on Insights as we observe Cybersecurity Awareness Month.