The market for information-stealing malware is booming on underground forums. A report by Accenture's Cyber Threat Intelligence team (ACTI) sheds light on the primary drivers of that demand and shares some statistics on it.
Factors affecting the demand
According to the ACTI report, demand for this class of malware is driven primarily by its ability to harvest browser cookies, usernames, and passwords in bulk from infected machines.
Adding to the demand is the low price of many infostealers, which lets actors with few resources or little technical skill buy a stealer, deploy it, and gain access to victims' networks with relative ease.
ACTI also noted that high-profile attacks executed by combining stolen credentials with social engineering, together with Malware-as-a-Service (MaaS) offerings that remove the need to write or host the malware oneself, have pushed demand for infostealers further up.
RedLine Stealer rules the market
RedLine dominated the underground forums and, according to the report, was used in 56% of data breaches.
RedLine, Raccoon Stealer, Vidar, Taurus, and AZORult were the five most prominent infostealers used to harvest victims' data between July and October.
Aurora infostealer gains traction
Cybercriminals are increasingly adopting the Aurora stealer to exfiltrate sensitive data from targeted systems.
It is rented for $250 per month, or $1,500 for a lifetime license.
The stealer targets data stored in multiple web browsers (cookies, saved passwords, history, and credit card details), desktop and browser-extension cryptocurrency wallets such as Electrum, Ethereum, Exodus, Zcash, Armory, Bytecoin, Guarda, and Jaxx Liberty, and the Telegram desktop client.
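Every stealer named on this page reads the same handful of on-disk credential stores, which makes file access to those paths by anything other than the owning application a useful detection. The following is an added example written for this page, not code from the Accenture report or from any stealer; it runs a simple rule over a constructed batch of file-open events. The event field names (pid, image, path), the list of "expected reader" executables, and the sample paths are assumptions for illustration and should be tuned to the endpoint telemetry and software actually present in your estate.

```python
"""Flag non-browser processes opening browser, wallet, and Telegram data.

Added example for this article; not from the ACTI report or any stealer.
Events are constructed here in the shape a Sysmon/EDR file-access feed
might emit (field names are assumptions): pid, image (process path),
path (file opened).
"""
import re
from collections import defaultdict

# Credential stores the article says infostealers target. Patterns are
# matched against a normalised path (lowercase, forward slashes).
SENSITIVE_STORES = {
    "chromium-logins":  re.compile(r"/user data/(default|profile \d+)/login data$"),
    "chromium-cookies": re.compile(r"/user data/(default|profile \d+)/(network/)?cookies$"),
    "chromium-cards":   re.compile(r"/user data/(default|profile \d+)/web data$"),
    "firefox-logins":   re.compile(r"/firefox/profiles/[^/]+/(logins\.json|key4\.db)$"),
    "firefox-cookies":  re.compile(r"/firefox/profiles/[^/]+/cookies\.sqlite$"),
    "wallet":           re.compile(r"/(electrum|exodus|armory|guarda|jaxx liberty)/"),
    "telegram":         re.compile(r"/telegram desktop/tdata/"),
}

# Processes that legitimately open each store (assumption: the owning
# application only; add backup or sync agents seen in your environment).
EXPECTED_READERS = {
    "chromium-logins":  {"chrome.exe", "msedge.exe", "brave.exe"},
    "chromium-cookies": {"chrome.exe", "msedge.exe", "brave.exe"},
    "chromium-cards":   {"chrome.exe", "msedge.exe", "brave.exe"},
    "firefox-logins":   {"firefox.exe"},
    "firefox-cookies":  {"firefox.exe"},
    "wallet":           {"electrum.exe", "exodus.exe", "armory.exe", "guarda.exe", "jaxx liberty.exe"},
    "telegram":         {"telegram.exe"},
}


def _norm(path):
    return path.replace("\\", "/").lower()


def classify(path):
    """Return the store category a path belongs to, or None."""
    p = _norm(path)
    for name, rx in SENSITIVE_STORES.items():
        if rx.search(p):
            return name
    return None


def suspicious_reads(events):
    """Yield (pid, image, store, path) for reads by an unexpected process."""
    hits = []
    for ev in events:
        store = classify(ev["path"])
        if store is None:
            continue
        image = _norm(ev["image"]).rsplit("/", 1)[-1]
        if image not in EXPECTED_READERS[store]:
            hits.append((ev["pid"], image, store, ev["path"]))
    return hits


def triage(events, min_stores=2):
    """Group hits by process; a single pid touching several distinct store
    categories is the stealer pattern (one binary, many targets), whereas a
    lone hit may just be an unlisted tool. Returns {pid: {image, stores}}."""
    by_pid = defaultdict(lambda: {"image": None, "stores": set()})
    for pid, image, store, _path in suspicious_reads(events):
        by_pid[pid]["image"] = image
        by_pid[pid]["stores"].add(store)
    return {pid: {"image": v["image"], "stores": sorted(v["stores"])}
            for pid, v in by_pid.items() if len(v["stores"]) >= min_stores}


# Constructed sample telemetry: one browser, one Firefox, one unrelated
# notepad read, and one unknown binary in Temp sweeping four stores.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 7788, "image": r"C:\Users\alice\AppData\Local\Temp\build.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 7788, "image": r"C:\Users\alice\AppData\Local\Temp\build.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"},
    {"pid": 7788, "image": r"C:\Users\alice\AppData\Local\Temp\build.exe",
     "path": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default-release\logins.json"},
    {"pid": 7788, "image": r"C:\Users\alice\AppData\Local\Temp\build.exe",
     "path": r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 2210, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "path": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default-release\cookies.sqlite"},
    {"pid": 3001, "image": r"C:\Windows\System32\notepad.exe",
     "path": r"C:\Users\alice\Documents\notes.txt"},
]

if __name__ == "__main__":
    for pid, info in triage(SAMPLE_EVENTS).items():
        print(f"pid {pid} ({info['image']}) read {len(info['stores'])} stores: {info['stores']}")
```

The second-stage grouping in `triage` is what keeps this usable: a single unexpected read is common noise (a backup agent, a forensic tool), but one process reading browser logins, cookies, and a wallet directory within the same batch is the signature of exactly the harvesting behaviour the article describes.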
Other key highlights
Among the new variants of malware sold on forums are META, Whisper, Gomorrah v5, Erbium, BlackIce, LummaC, Rhadamanthys, AcridRain, and Psigo.
Researchers expect that the sale of these new strains, together with the ready availability of infostealer source code, will lead to more victim data being sold on underground marketplaces.
Between June and October, the most victims were reported in India, Indonesia, and Brazil, a concentration the report attributes to population density.
Other countries in the top 10 by victim count were Pakistan, Vietnam, the Philippines, Egypt, Thailand, Turkey, and the U.S.
End note
As information-stealing malware continues to evolve, it is expected to pose a significant risk to organizations in the coming years. Because stealers lift session cookies as well as passwords, a stolen cookie can be replayed to sidestep MFA altogether, so organizations should keep session lifetimes short and revoke sessions as soon as a device is suspected of compromise. They should also move away from MFA push notifications and SMS codes, which attackers defeat by pairing stolen credentials with social engineering, toward phishing-resistant factors such as FIDO2 security keys. Employees should be trained to recognize social engineering attempts and to secure their online accounts. Threat intelligence on the latest tactics, techniques, and procedures associated with this malware can also help organizations stay ahead of emerging threats in this sphere.