Recognise, understand and defend against info stealers

12 October 2023

Info stealers are a particularly dangerous form of malware that has gained in importance in recent years. They aim to steal confidential information from infected systems. This information often includes access data, credit card information, personal identification data and other sensitive data, which the attackers can then use for criminal purposes.

Both private individuals and organisations are targeted by the attackers. Any system that has valuable information can potentially become the target of info stealer attacks.

Known attacks with info stealers

Info stealers usually operate in the background and work secretly to transmit the stolen information to the attackers. However, some attacks involving info stealers have gained notoriety.

Emotet was one of the biggest and most dangerous malware threats of recent years. It is a modular Trojan that also includes info-stealing capabilities. Emotet was first discovered in 2014 and was used for various types of attacks, including ransomware, credential theft and sending spam emails.

TrickBot, a versatile malware family, also has info-stealing capabilities for collecting sensitive information, among other features. TrickBot began as a banking Trojan but over time evolved into an extensive botnet.

How info stealers work

Info stealers have been developed over many years: the first variants appeared in the late 1990s, and their functionality has been continuously expanded since. They use various techniques to collect confidential information:

  • Keylogging: Info stealers can record keystrokes to grab usernames, passwords and other sensitive information.
  • Screenshots: Some info stealers can take screenshots to capture information from online banking transactions or other sensitive activities.
  • Database access: Info stealers can gain access to databases to steal the information stored there.
  • Email hijacking: Info stealers can intercept and read emails to extract confidential information such as banking details or trade secrets.

Aims and uses of info stealers

The stolen information is extremely valuable to attackers and can be used in various ways:

  • Identity theft: By stealing personal identification data, attackers can steal identities and use them for fraudulent activities or illegal access to financial accounts.
  • Financial exploitation: Info stealers are often used to steal access data for online banking accounts, credit card details or other financial information. The attackers can use this information to withdraw money from the affected accounts or carry out fraudulent transactions.
  • Industrial espionage: Info stealers can be targeted to steal corporate secrets and confidential information from companies or government agencies. This stolen information can then be used for competitive advantage or political purposes.
  • Blackmail: In some cases, attackers use info stealers to steal sensitive data such as personal photos, private correspondence or sensitive company data. They then blackmail victims by threatening to publish this information unless a ransom is paid.

Detect and fend off info stealers

To detect and defend against info stealers, users and organisations need to be aware of the risks and take appropriate security measures. These include regular updates of operating systems and applications, reliable antivirus and security solutions, secure password policies and training to raise awareness of phishing attacks.

In addition, it is important to watch out for suspicious activity and unusual behaviour to detect and combat a possible info stealer infection early on. Here are some signs to look out for:

  1. Slower system performance: Info stealers can put a strain on system resources and slow down the general performance of the computer. If your computer suddenly slows down significantly, this could be an indication of a possible infection.
  2. Unexplained network activity: Info stealers need to transmit the stolen information to the attackers. This often leads to increased network activity on the computer. If you notice that your network activity is high for no apparent reason, this may indicate an info stealer.
  3. Changes to files or system settings: Info stealers can modify files and system settings to disguise their presence or enhance their functionality. If you notice any unusual changes to your files or system settings, especially related to security software or firewall settings, you should investigate further.
  4. Missing or altered security programs: Some info stealers may try to disable or bypass antivirus and security programs to remain undetected. Regularly check that your security software is working properly and is up to date.
  5. Unknown processes or services: Monitor your running processes and services for unknown or suspicious entries. Info stealers can masquerade as legitimate processes, so it is important to check and investigate suspicious activity.
  6. Unexplained pop-ups or advertisements: Info stealers may display pop-ups or unwanted advertisements to distract or deceive the user. If you notice any unusual pop-ups or advertisements, especially those related to security issues, you should be cautious.

The above signs do not necessarily indicate an info stealer; there may be other causes. However, if you notice several of them, we recommend checking your system for possible infections with the help of reliable antivirus software or IT security experts.
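As an added, defender-side illustration (not part of the original article), the following Python script applies signs 2, 4 and 5 from the list above to a constructed host snapshot: per-process outbound byte counts, running processes with their image paths, and the state of security services. The records, the egress threshold, the service names and the list of system image names are assumptions made for the example; the remote addresses are taken from reserved documentation ranges.

```python
from collections import defaultdict

# Constructed host snapshot, not real telemetry. Connection records mimic an
# ss/netstat-style export; process records mimic a tasklist-style export.
CONNECTIONS = [
    {"pid": 1204, "remote": "203.0.113.10:443", "bytes_sent": 48_000},
    {"pid": 3388, "remote": "198.51.100.77:8080", "bytes_sent": 9_400_000},
    {"pid": 3388, "remote": "198.51.100.77:8080", "bytes_sent": 3_100_000},
    {"pid": 4102, "remote": "203.0.113.22:443", "bytes_sent": 120_000},
]
PROCESSES = {
    1204: {"image": "OneDrive.exe", "path": "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe"},
    3388: {"image": "svchost.exe", "path": "C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe"},
    4102: {"image": "chrome.exe", "path": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"},
}
# Security services that are expected to be running (sign 4); assumed names.
SERVICES = {"WinDefend": "Stopped", "mpssvc": "Running"}

# Image names that legitimately run only from the Windows system directory;
# the same name elsewhere is the masquerading described under sign 5.
SYSTEM_IMAGES = {"svchost.exe", "lsass.exe", "csrss.exe"}
SYSTEM_DIR = "c:\\windows\\"


def triage(connections, processes, services, egress_threshold=1_000_000):
    """Return (sign, subject, detail) findings for signs 2, 4 and 5.

    sign 2: total bytes sent by one process exceeds egress_threshold
    sign 4: a security service is not in the Running state
    sign 5: a system image name runs from outside the system directory
    """
    findings = []
    sent = defaultdict(int)
    for conn in connections:
        sent[conn["pid"]] += conn["bytes_sent"]
    for pid, total in sent.items():
        if total > egress_threshold:
            image = processes.get(pid, {}).get("image", "?")
            findings.append((2, pid, f"{image} sent {total} bytes"))
    for name, state in services.items():
        if state != "Running":
            findings.append((4, name, f"service state is {state}"))
    for pid, proc in processes.items():
        if (proc["image"].lower() in SYSTEM_IMAGES
                and not proc["path"].lower().startswith(SYSTEM_DIR)):
            findings.append((5, pid, f"{proc['image']} runs from {proc['path']}"))
    return sorted(findings, key=lambda f: f[0])
```

On the constructed snapshot the script reports pid 3388 twice (large outbound volume and an svchost.exe running from a user's Temp folder) plus the stopped WinDefend service, which together match the "several of these signs" threshold the article recommends acting on.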
