Rising Threat of Information Stealer Malware

Commodity information stealer malware has emerged as a formidable and urgent threat, wreaking havoc across the globe. This malicious software is not just another nuisance; it is a relentless predator infiltrating endpoints, siphoning off sensitive data, and peddling it on dark web forums and markets with alarming efficiency. Unlike sophisticated, targeted attacks, these information stealers are mass-distributed, making anyone and everyone a potential victim. The sheer scale and impact of this threat demand immediate attention and action, from individuals first of all, but also from organizations still relying on legacy cyber security solutions.

eCrime threat actors are largely responsible for the day-to-day operation of information stealers, a malware family designed to harvest a wide array of data from infected systems, with a particular focus on credentials. The stolen data includes login usernames and passwords, browser history and cookies, credit card details, detailed system information, and a myriad of other personal information. Information stealers are typically spread through phishing emails, malicious downloads, and compromised websites. Once harvested, the data is automatically exfiltrated to bot collectors, which collate it and place "packages" (often called logs) up for sale on dark web markets and forums, such as Russian Market, 2Easy, and many others.

Unlike nation state attacks, which typically target specific organizations with precise intent, commodity information stealers are disseminated broadly to maximize infection rates. These malware tools frequently infiltrate home computers, exploiting the generally lower security standards and the prevalence of outdated endpoint security software. Business endpoints running legacy cyber security controls are equally vulnerable, as their outdated defenses provide an easy entry point for these infections.

The eCrime adversaries who develop commodity information stealers typically sell them on dark web forums and markets. This is a distinctive aspect of the eCrime ecosystem: the tooling is made accessible even to low-skilled cyber criminals. Most information stealers are fully automated, so the less savvy operator can deploy and manage attacks, and monetize the pilfered data, with very little effort or expertise.

From January 2023 to June 2024, there has been a noticeable increase in the deployment of commodity information stealer malware. According to multiple cyber security reports, the number of detected instances of such malware rose by approximately 150% compared to the previous 18 months. This surge can be attributed to several factors.

Digital transformation has driven a rapid rise in remote working, which in turn has increased the use of personal devices for professional purposes, making those devices attractive targets for criminal malware. eCrime adversaries have continuously improved the capabilities of commodity information stealer malware, making it more effective and harder to detect. Additionally, the availability of these malware families on dark web forums has grown, putting the tools needed to carry out attacks in more criminals' hands. The sheer number of tools available today is staggering, particularly for something as simple as an information stealer.

Based on analysis from multiple cyber security firms, several commodity information stealer malware types have emerged as the most prevalent from January 2023 to June 2024:

The impact of commodity information stealer malware is profound, affecting both individuals and organizations. For individuals, the theft of personal information can lead to identity theft, financial loss, and long-term damage to their credit scores.

Organizations face even greater risks, including data breaches, financial penalties, and reputational damage. In the financial sector, the rise of information stealer malware has been particularly damaging. A 2024 report from Deloitte indicated that in the first half of the year there were over 15,000 instances of information stealer malware targeting financial institutions, resulting in losses exceeding US$200 million.

To combat the rising threat of commodity information stealer malware, modern endpoint security tools are required. Legacy, signature-only antivirus no longer cuts the mustard: stealer builds are repacked constantly, so a signature written today is stale tomorrow. Modern endpoint protection such as EDR looks at behaviour instead, for example a freshly downloaded executable reading the browser's saved-password and cookie stores, and can block and quarantine the process before the data leaves the machine. No single control is absolute, however, and EDR should be one layer among the others below, not the only one.

Additionally, implementing modern, advanced email filtering and phishing protection can stop malware-laden emails from ever reaching users' inboxes. Keeping all software and operating systems patched is another solid technique, closing the vulnerabilities malware would otherwise exploit for initial infection. Conducting ongoing cyber security awareness training for the entire staff educates users about the dangers of phishing and how to employ safe browsing practices. Finally, a technique I often harp on is implementing multi-factor authentication (MFA). This adds an extra layer of security to logging in, making it far more difficult for eCrime threat actors to turn a stolen password into unauthorized access. One caveat worth knowing: stealers also lift authenticated session cookies, and a buyer who replays a valid cookie is already past the MFA prompt. Treat a stealer infection as a session compromise as well as a password compromise, and revoke active sessions alongside resetting credentials.
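As an added illustration of the behavioural detection described above (example code written for this page, not Praeryx's or any vendor's code), the script below runs a simple heuristic over file-access telemetry: flag any process that is not a known browser reading the Chromium-family files that hold saved logins, cookies, and the key that protects them, and raise the severity when one process reads both the key file ("Local State") and a data store, since that pairing is what decrypting the saved credentials requires. The JSON-lines event format (fields host, pid, image, target_file) and the sample events are constructed for this example and are not real EDR output.

```python
"""Heuristic detection of info-stealer behaviour in file-access telemetry.

Added example for this page; the event format and sample data are constructed.
"""
import json
import re
from collections import defaultdict
from typing import Iterable

# Chromium-family profile files that hold saved logins, cookies, autofill data
# and the key that protects them (Windows path layout; patterns are assumptions).
STORE_PATTERNS = {
    "login_data": re.compile(r"\\User Data\\[^\\]+\\Login Data$", re.I),
    "cookies": re.compile(r"\\User Data\\[^\\]+\\(?:Network\\)?Cookies$", re.I),
    "local_state": re.compile(r"\\User Data\\Local State$", re.I),
    "web_data": re.compile(r"\\User Data\\[^\\]+\\Web Data$", re.I),
}

# Process images that legitimately open these files.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}


def classify_target(path: str):
    """Return the credential-store type a file path refers to, or None."""
    for name, pattern in STORE_PATTERNS.items():
        if pattern.search(path):
            return name
    return None


def image_name(image_path: str) -> str:
    """Basename of a process image path, lower-cased for comparison."""
    return image_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_stealer_activity(events: Iterable[dict]) -> list:
    """Group credential-store reads by process and alert on non-browser readers.

    Severity is 'high' when the same process reads 'Local State' (which holds
    the encryption key) together with at least one data store, because that is
    the combination needed to decrypt saved passwords or cookies.
    """
    touched = defaultdict(set)  # (host, pid, image) -> {store types}
    for ev in events:
        store = classify_target(ev.get("target_file", ""))
        if store is None:
            continue
        img = image_name(ev.get("image", ""))
        if img in BROWSER_IMAGES:
            continue
        touched[(ev["host"], ev["pid"], img)].add(store)

    alerts = []
    for (host, pid, img), stores in touched.items():
        has_key = "local_state" in stores
        has_data = bool(stores - {"local_state"})
        severity = "high" if (has_key and has_data) else "medium"
        alerts.append({"host": host, "pid": pid, "image": img,
                       "stores": sorted(stores), "severity": severity})
    return sorted(alerts, key=lambda a: (a["host"], a["pid"]))


def parse_jsonl(text: str) -> list:
    """Parse a JSON-lines feed into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed sample telemetry (JSON lines), not real EDR output.
SAMPLE_EVENTS = r'''
{"ts":"2024-05-02T10:15:01Z","host":"WS01","pid":4412,"image":"C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe","target_file":"C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Local State"}
{"ts":"2024-05-02T10:15:01Z","host":"WS01","pid":4412,"image":"C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe","target_file":"C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"ts":"2024-05-02T10:15:02Z","host":"WS01","pid":4412,"image":"C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe","target_file":"C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network\\Cookies"}
{"ts":"2024-05-02T10:16:00Z","host":"WS01","pid":2210,"image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","target_file":"C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"ts":"2024-05-02T10:17:00Z","host":"WS02","pid":908,"image":"C:\\Windows\\System32\\notepad.exe","target_file":"C:\\Users\\bob\\Documents\\notes.txt"}
{"ts":"2024-05-02T10:18:00Z","host":"WS02","pid":1533,"image":"C:\\Users\\bob\\Downloads\\crack.exe","target_file":"C:\\Users\\bob\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Web Data"}
'''

if __name__ == "__main__":
    for alert in detect_stealer_activity(parse_jsonl(SAMPLE_EVENTS)):
        print(alert)
```

On the sample data this yields two alerts: update.exe on WS01 at high severity (it read Local State, Login Data and Cookies), and crack.exe on WS02 at medium severity (Web Data only). The chrome.exe read is suppressed by the browser allow-list, and notepad.exe never touches a credential store. In production the allow-list would need the backup and sync agents that legitimately read profile directories, and the rule should be paired with image-signature and parent-process context to cut false positives.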

Commodity information stealer malware represents a significant and growing threat in the cyber security landscape. The dramatic increase in infections and the sophistication of these malware types underscore the need for vigilance and proactive measures. By understanding the nature of these threats and implementing robust security practices, organizations and individuals can better protect themselves against the pervasive risk of data theft. The fight against commodity information stealer malware is ongoing, but with the right strategies and awareness, we can mitigate its impact and safeguard all of our digital lives.

Tags: Malware Blog