InfoStealers | The all-around Infostealers hub.

COMPROMISED MACHINES

the all-around
info-stealers hub.

Explore topics →

What are infostealers?

What is an “info-stealer”? (Part Ⅰ)

June 7, 2022

Botnets & Info-Stealers (Part Ⅱ)

July 14, 2022

Botnets & Info-Stealers (Part Ⅲ)

January 1, 2023

BLOG

READ OUR POSTS ABOUT INFO STEALERS

REPORTS

STAY UPDATED WITH OUR INFO STEALER REPORTS

FREE TOOLS

ARE YOU COMPROMISED?

As Seen On

Featured Articles →

An Infostealer’s Brewin’: Cuckoo & AtomicStealer Get Creative

Initial Access Brokers, Infostealers, and Everything Between Them

Identity Behind Massive Discord Spying Tool Revealed due to Infostealer Infection

Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare

Distribution of Infostealer Made With Electron

Redline Stealer: A Novel Approach

An Infostealer’s Brewin’: Cuckoo & AtomicStealer Get Creative

Summary So far, 2024 really has been the year of the infostealer when it comes to macOS malware. Families like AtomicStealer, Cuckoo, and CloudJump are getting dumped like crazy from search engine ads and crack sites. This post examines a particularly sneaky typosquatting campaign that’s being used to deliver both AtomicStealer and Cuckoo. It makes use of a fake homepage

Initial Access Brokers, Infostealers, and Everything Between Them

Introduction Hudson Rock recently shed light on how a compromised Citrix account without MFA was potentially used to deploy a devastating ransomware attack on Change Healthcare. This attack not only led to business disruption but also resulted in a ransom payment of $22 million. The likely cause was an employee being infected with Infostealing malware. To demonstrate the prevalence of Infostealer infections,

Identity Behind Massive Discord Spying Tool Revealed due to Infostealer Infection

This article aims to shed light on the identity behind a massive Discord spying tool and raise concerns about the possibility of private Discord data being accessed by hackers. Intro A controversy surrounding the anonymously-run website spy.pet has recently made headlines, raising serious privacy concerns. The website is designed to enable anyone to access messages from over 300,000,000 Discord users

Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare

In late February 2024 Change Healthcare suffered a devastating ransomware attack which led to major disruptions to the company’s platform, estimated at a staggering $872,000,000 The attack which was carried out by BlackCat ransomware group also resulted in a $22,000,000 ransom payment. But how did this happen? In a testimony by Andrew Witty, Change Healthcare’s CEO, it is revealed that

Distribution of Infostealer Made With Electron

AhnLab SEcurity intelligence Center (ASEC) has discovered an Infostealer strain made with Electron. Electron is a framework that allows one to develop apps using JavaScript, HTML, and CSS. Discord and Microsoft VSCode are major examples of applications made with Electron. Apps made with Electron are packaged and usually distributed in Nullsoft Scriptable Install System (NSIS) installer format. The threat actor

Redline Stealer: A Novel Approach

A new packed variant of the Redline Stealer trojan was observed in the wild, leveraging Lua bytecode to perform malicious behavior.McAfee telemetry data shows this malware strain is very prevalent, covering North America, South America, Europe, and Asia and reaching Australia. Infection Chain Source: Add a Custom Script to Windows Setup | Microsoft Learn We can confirm that c:\WINDOWS\system32\oobe\Setup.exe launches cmd.exe

INFOSTEALERS WEEKLY REPORT

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.

18,432