Kaspersky has reported that nearly 10 million personal and corporate devices were compromised by data-stealing malware in 2023, marking a staggering 643% increase over the past three years.
This alarming trend highlights the growing sophistication of cybercriminals and the increasing vulnerability of both individuals and organizations to data theft.
Information stealers, a type of malware designed to collect sensitive data such as login credentials, financial information, and personal details, have become increasingly prevalent in the cybercrime ecosystem.
According to Kaspersky’s report, the malware is often distributed through sophisticated methods, including malvertising on adult websites and YouTube comment spam, making them difficult to detect and prevent.
Join ANY.RUN's FREE webinar on How to Improve Threat Investigations on Oct 23 - Register Here
Over 10 Million Personal And Corporate Devices Infected
Kaspersky’s Digital Footprint Intelligence data revealed that cybercriminals stole an average of 50.9 login credentials per infected device.
These credentials often include access to social media accounts, online banking services, crypto wallets, and various corporate online services, including email and internal systems.
One of the factors contributing to the surge in infections is the availability of information stealers through subscription-based models on the dark web.
This “malware-as-a-service” approach has lowered the barrier to entry for aspiring cybercriminals, allowing even those with limited technical skills to launch attacks.
Among the various infostealer malware families, Redline emerged as the dominant threat, accounting for 55% of devices targeted by password-stealer attacks in 2023.
Other notable malware families included Vidar (17%) and Raccoon (nearly 12%). The underground market for data-stealing malware is expanding rapidly, with new stealers gaining popularity.
Between 2021 and 2023, the share of infections caused by new stealers surged from 4% to 28%. In 2023, the newly emerged “Lumma” stealer alone was responsible for over 6% of all infections.
Several information stealers have gained prominence in recent months:
- Kral Stealer: Initially discovered as a downloader for other malware, Kral has evolved into a full-fledged stealer targeting cryptocurrency wallets and browser data.
- AMOS: This macOS-specific stealer masquerades as legitimate software, tricking users into granting it system access. It employs deceptive tactics to collect user passwords and system information.
- Vidar/ACR: This complex malware chain uses YouTube comments for distribution and employs multiple stages of infection, ultimately deploying the ACR stealer to exfiltrate sensitive data.
The widespread infection of devices by information stealers poses severe risks to both individuals and organizations. Stolen credentials can lead to financial losses, identity theft, and further cyberattacks.
For businesses, compromised corporate networks can result in data breaches, reputational damage, and potential ransomware attacks.
Cybersecurity experts recommend several measures to mitigate the risk of infection:
- Implement two-factor authentication (2FA) for all accounts
- Use unique, strong passwords for each online service
- Download software only from official websites
- Verify website authenticity before downloading any files
- Keep operating systems and security software up to date
As information stealers continue to evolve and increase, maintaining vigilance and adopting robust cybersecurity practices is crucial for protecting personal and corporate data from this growing threat.
Indicators of compromise
Kral
02c168aebb26daafe43a0cccd85397b2
039bebb6ccc2c447c879eb71cd7a5ba8
0509cc53472b265f8c3fc57008e31dbe
Amos
ec7f737de77d8aa8eece7e355e4f49b9
dd2832f4bf8f9c429f23ebb35195c791
Vidar
6f9d3babdeea3275489589ee69bc3f31
Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Watch Here