What is Infostealer Malware?

Infostealers are a type of malicious software (malware) designed to infiltrate computer systems and steal sensitive information. The data they collect is used by cybercriminals to gain access to restricted data and accounts, and typically includes:

  • Login credentials 
  • Bank/Card information 
  • Personal data (home address, Social Security number, phone number, etc.) 
  • Browser history data and cookies information 
  • Crypto wallets and keys 
  • Device-specific details (OS name, version, IP, installed software, etc.) 

Infostealers are the most frequent type of attack in 2025 

In 2024, infostealer malware infected approximately 4.3 million devices, compromising around 3.9 billion credentials, including passwords and other sensitive data. 

  1. Malware-as-a-Service on the rise 

Underground forums make it easy for would-be attackers with minimal technical expertise to purchase this type of malware as a service (malware-as-a-service). 

  2. The rise in cryptocurrency adoption 

As the acceptance of cryptocurrency expands globally, attackers stand to gain significant returns by obtaining wallet and key information. 

  3. Remote workforce & more online accounts than ever 

People manage more online accounts and digital assets than ever before, and with more employees working from home on potentially less secure networks, this creates perfect conditions for attackers to exploit. 

How do Infostealers get in? 

1. Phishing: attackers distribute malicious payloads through deceptive communications. 

These often take the form of malicious document attachments that exploit application vulnerabilities when opened, or links directing users to credential-harvesting sites or to malware downloads disguised as legitimate resources. 

2. Compromised Websites  

Legitimate websites can be compromised to distribute malware without their owners' knowledge. Some attacks (drive-by downloads) automatically download malicious files when you simply visit an infected site. 

Malicious ads placed on legitimate websites can redirect visitors to dangerous content. Software downloads may contain hidden malware bundled alongside the intended program. 

3. Social Engineering  

Criminals may pretend to be technical support staff to convince victims to grant them remote access to computers. Deceptive messages on social media platforms exploit existing relationships to spread malicious links. Public QR codes can also lead individuals to risky websites. 

4. Trojan Horse in Supply Chain  

Attackers often target the software development and distribution process, altering legitimate software updates to include malicious code. Many applications' development libraries and components are also susceptible to compromise. 

Most popular Infostealer variants 

RedLine Stealer 

RedLine Stealer was frequently cited as one of the most dominant infostealers throughout 2023 and 2024. One report indicated it was responsible for 43% of observed infostealer infections in 2024. It targets credentials, cookies, credit card details, FTP clients, cryptocurrency wallets, and specific files.

LummaC2 Infostealer 

LummaC2 saw a significant surge in detections in late 2024. Reports indicate massive increases in detections (e.g., a 369% increase in H2 vs. H1 2024, according to ESET), and it is often listed among the top 3 most prevalent stealers. It targets crypto wallets, browser data (profiles, cookies, credentials), 2FA extensions, and system information. 

RisePro 

RisePro is one of the most significant stealers according to some reports (e.g., Kaspersky data places it second only to RedLine for 2024 infections). 

Raccoon Stealer 

While its main developer was arrested, leading to a temporary dip, updated versions emerged, and it remains a frequently mentioned threat, particularly noted in some regional reports (like LACNIC for Latin America/Caribbean) and historical data. It steals a wide range of credentials and crypto wallets. 

What IT Managers Can Do Today to Protect Against Infostealers 

  • Start by disabling browser-based password storage across all endpoints and enforce the use of enterprise-grade password managers. This helps eliminate one of the most common data sources targeted by infostealers. 
  • Ensure that MFA is phishing-resistant by using hardware tokens or app-based push notifications rather than SMS codes. 
  • Next, segment your high-risk and legacy systems. Machines running outdated operating systems or OT equipment that can’t support modern EDR agents should be isolated using firewall rules and VLAN segmentation to prevent lateral movement. 
  • Secure endpoint and browser configurations by removing unnecessary software and plugins. Block installation of unsigned apps or browser extensions not vetted by your team. This reduces the potential attack surface significantly. 
  • Proactively monitor early signs of infostealer activity. Watch for unusual outbound connections, reuse of credentials from unknown IPs, or browser processes behaving abnormally. 

Traditional antivirus and firewall solutions aren’t built to detect credential theft as it happens. That’s where Managed Detection and Response (MDR) comes in. 

With solutions like NovaMDR, small and medium-sized businesses can gain:

  • 24/7 behavioral monitoring of endpoints, networks, and cloud activity to detect abnormal data exfiltration in real time. 
  • Expert validation of threats, so that false positives do not overshadow genuine alerts. 
  • Detection of credential theft by spotting anomalies such as logins from new geographies, cookie-harvesting behaviors, and password-dumping tools. 
  • Immediate response capabilities such as isolating infected endpoints, halting suspicious processes, or triggering password resets. 
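The monitoring points above (unusual outbound connections, credential reuse from unknown IPs, browser processes behaving abnormally, logins from new geographies) can be turned into concrete detection rules. The script below is an added example written for this article, not code from the article or from NovaMDR: it runs three simple rules over constructed sample telemetry. The event schema (`type`, `user`, `src_ip`, `country`, `parent`, `child`, `dst_port`), the IP addresses, hostnames and the per-user "known" baselines are all constructed for the example and would need to be replaced with your own log format and historical data.

```python
"""
Added example (not from the original article): a small detector for early
warning signs of infostealer activity, run over constructed sample telemetry.

Rules implemented:
  1. credential_reuse_unknown_ip : a successful login for a user from a source IP
     never seen for that account, either from a new country or within an hour
     of a legitimate login (a stolen session/password being replayed).
  2. browser_unexpected_child    : a browser spawns a child process outside its
     expected profile (a common follow-on to a malicious download).
  3. browser_unusual_outbound    : a browser process talks to a non-web port.

All log lines, IPs, hostnames and baselines below are constructed; the field
names are assumptions, not a real product's schema.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample telemetry as JSON lines (UTC timestamps).
SAMPLE_EVENTS = """
{"ts": "2025-05-02T08:01:10Z", "type": "auth", "user": "alice", "src_ip": "203.0.113.10", "country": "DE", "result": "success"}
{"ts": "2025-05-02T08:02:30Z", "type": "process", "host": "ws-alice", "parent": "chrome.exe", "child": "powershell.exe"}
{"ts": "2025-05-02T08:03:00Z", "type": "net", "host": "ws-alice", "process": "chrome.exe", "dst_ip": "198.51.100.7", "dst_port": 8080}
{"ts": "2025-05-02T08:25:00Z", "type": "auth", "user": "alice", "src_ip": "198.51.100.7", "country": "US", "result": "success"}
{"ts": "2025-05-02T09:00:00Z", "type": "auth", "user": "bob", "src_ip": "203.0.113.11", "country": "DE", "result": "success"}
{"ts": "2025-05-02T09:05:00Z", "type": "net", "host": "ws-bob", "process": "chrome.exe", "dst_ip": "192.0.2.40", "dst_port": 443}
"""

# Constructed baselines: what has been seen before per user, and what a browser
# is expected to do on a managed endpoint. In practice these come from history.
KNOWN_IPS = {"alice": {"203.0.113.10"}, "bob": {"203.0.113.11"}}
KNOWN_COUNTRIES = {"alice": {"DE"}, "bob": {"DE"}}
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}
EXPECTED_BROWSER_CHILDREN = BROWSERS          # browsers spawn copies of themselves
EXPECTED_BROWSER_PORTS = {80, 443}
REUSE_WINDOW = timedelta(hours=1)


@dataclass(frozen=True)
class Alert:
    rule: str
    ts: str
    detail: str


def parse_events(jsonl: str) -> list[dict]:
    """Parse JSON lines (skipping blanks) and sort by time so window checks work."""
    events = [json.loads(line) for line in jsonl.splitlines() if line.strip()]
    for e in events:
        e["_ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
    return sorted(events, key=lambda e: e["_ts"])


def detect(events: list[dict]) -> list[Alert]:
    """Apply the three rules and return alerts in chronological order."""
    alerts: list[Alert] = []
    last_known_login: dict[str, datetime] = {}
    for e in events:
        if e["type"] == "auth" and e["result"] == "success":
            user = e["user"]
            if e["src_ip"] in KNOWN_IPS.get(user, set()):
                last_known_login[user] = e["_ts"]      # legitimate baseline login
                continue
            new_country = e["country"] not in KNOWN_COUNTRIES.get(user, set())
            recent = (user in last_known_login
                      and e["_ts"] - last_known_login[user] <= REUSE_WINDOW)
            if new_country or recent:
                alerts.append(Alert(
                    "credential_reuse_unknown_ip", e["ts"],
                    f"{user} from {e['src_ip']} ({e['country']}); "
                    f"new_country={new_country}, within_window={recent}"))
        elif e["type"] == "process" and e["parent"] in BROWSERS:
            if e["child"] not in EXPECTED_BROWSER_CHILDREN:
                alerts.append(Alert("browser_unexpected_child", e["ts"],
                                    f"{e['parent']} spawned {e['child']} on {e['host']}"))
        elif e["type"] == "net" and e["process"] in BROWSERS:
            if e["dst_port"] not in EXPECTED_BROWSER_PORTS:
                alerts.append(Alert("browser_unusual_outbound", e["ts"],
                                    f"{e['process']} -> {e['dst_ip']}:{e['dst_port']} on {e['host']}"))
    return alerts


def run_sample() -> list[Alert]:
    """Run the rules over the constructed sample; returns three alerts."""
    return detect(parse_events(SAMPLE_EVENTS))


if __name__ == "__main__":
    for a in run_sample():
        print(f"[{a.rule}] {a.ts} {a.detail}")
```

On the sample, the login from a known IP sets the baseline, the browser spawning a shell and contacting port 8080 each raise an alert, and the later login from a never-seen US address within the hour is flagged as likely credential reuse; bob's ordinary browsing stays quiet. The rules are deliberately coarse; in production they would be fed from an identity provider and EDR telemetry, with the baselines learned from history rather than hard-coded.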

Ready to stop infostealers before they ruin your business? Check out NovaMDR
