Kaspersky reports that nearly 10 million personal and corporate devices were compromised by data-stealing malware in 2023, a 643% rise in three years. Information stealers, which collect sensitive data such as login credentials and financial information, are increasingly common and often spread through methods like malvertising on adult sites and YouTube comment spam, making detection and prevention harder.
Over 10 Million Personal And Corporate Devices Infected
Kaspersky’s data shows cybercriminals stole an average of 50.9 login credentials per infected device, including access to social media, banking, crypto wallets, and corporate services.
The rise in infections is driven by the availability of information stealers via subscription models on the dark web, making attacks easier to launch. Redline was the dominant infostealer in 2023, targeting 55% of affected devices.
Other notable malware families included Vidar (17%) and Raccoon (nearly 12%). The underground market for data-stealing malware is growing fast, with new stealers becoming more popular.
From 2021 to 2023, infections caused by new stealers jumped from 4% to 28%. In 2023, the newly emerged “Lumma” stealer accounted for over 6% of all infections.
Several information stealers have gained attention recently:
- Kral Stealer: Originally a malware downloader, it now targets cryptocurrency wallets and browser data.
- AMOS: A macOS-specific stealer that pretends to be legitimate software, tricking users into granting system access so it can steal passwords and system information.
- Vidar/ACR: This malware chain spreads through YouTube comments and uses multiple infection stages, with ACR stealing sensitive data.
The widespread infection of devices by information stealers poses serious risks to individuals and organizations, leading to financial losses, identity theft, and cyberattacks.
For businesses, compromised networks can cause data breaches, reputational damage, and ransomware attacks.
As information stealers evolve, strong cybersecurity practices are essential to protect personal and corporate data.
To protect against information stealers, implement these key measures:
- Enable two-factor authentication (2FA) for all accounts
- Use strong, unique passwords for every service
- Download software only from official sources
- Verify website authenticity before downloading files
- Keep your operating system and security software updated