- \n
- Bank\/Card information\u00a0<\/li>\n<\/ul>\n\n
- \n
- Personal data (home address, security number, phone number, etc.)\u00a0<\/li>\n<\/ul>\n\n
- \n
- Browser history data and cookies information\u00a0<\/li>\n<\/ul>\n\n
- \n
- Crypto wallets and keys\u00a0<\/li>\n<\/ul>\n\n
- \n
- Device-specific details (OS name, version, IP, installed software, etc.)\u00a0<\/li>\n<\/ul>\n\n
Infostealers are the most frequent type of attack in 2025<\/strong>\u00a0<\/h2>\n\n
In 2024, infostealer malware infected approximately 4.3 million devices, compromising around 3.9 billion credentials, including passwords and other sensitive data.\u00a0<\/p>\n\n
\n ![\"\"](\"https:\/\/www.forenova.com\/wp-content\/uploads\/2025\/06\/2-4-1024x1024.png\")
<\/a><\/figure>\n<\/figure>\n\n- \n
- Malware-as-a-Service on the rise<\/strong>\u00a0<\/li>\n<\/ol>\n\n
Underground forums represent a great source for potential hackers with minimal technical expertise to purchase this type of service (malware-as-a-service).\u00a0<\/p>\n\n
- \n
- The rise in cryptocurrency adoption<\/strong>\u00a0<\/li>\n<\/ol>\n\n
As the acceptance of cryptocurrency expands globally, hackers stand to gain significant returns on investment by obtaining wallet\/key information.\u00a0<\/p>\n\n
- \n
- Remote workforce & more online accounts than ever<\/strong>\u00a0<\/li>\n<\/ol>\n\n
People manage more online accounts and digital assets than ever before, and with more employees working from home on potentially less secure networks, it creates the perfect storm conditions for hackers to exploit.\u00a0<\/p>\n\n
How do Infostealers get in?<\/strong>\u00a0<\/h2>\n\n
1.<\/span> The classic bait and switch with phishing attackers distributing malicious payloads through deceptive communications.\u00a0<\/strong><\/h3>\n\n
These often take the form of malicious document attachments that exploit application vulnerabilities when opened. They also employ links directing users to credential harvesting sites or malware downloads disguised as legitimate resources. \u00a0<\/p>\n\n
2. Compromised Websites<\/strong> \u00a0<\/h3>\n\n
Hackers can unknowingly distribute malware on regular websites. Some attacks automatically download malicious files when you simply visit an infected site.\u00a0<\/p>\n\n
Harmful ads placed on legitimate websites can redirect visitors to dangerous content. Software downloads may contain hidden malware alongside the intended program.\u00a0<\/p>\n\n
3. Social Engineering<\/strong> \u00a0<\/h3>\n\n
Criminals may pretend to be technical support staff to convince victims to grant them remote access to computers. Deceptive messages on social media platforms exploit existing relationships to spread malicious links. Public QR codes can also lead individuals to risky websites.\u00a0<\/p>\n\n
4. Trojan Horse in Supply Chain<\/strong> \u00a0<\/h3>\n\n
Attackers often target the software development and distribution process, which may alter legitimate software updates to include malicious code. Many applications‘ development libraries and components are also susceptible to compromise.\u00a0<\/p>\n\n
Most popular Infostealer variants<\/strong>\u00a0<\/h2>\n\n
RedLine Stealer<\/strong>\u00a0<\/h3>\n\n
![\"\"](\"https:\/\/www.forenova.com\/wp-content\/uploads\/2025\/06\/1-4-1024x576.png\")
<\/figure>\nRedLine Stealer was frequently cited as one of the most dominant infostealers throughout 2023 and 2024. One report indicated it was responsible for 43% of observed infostealer infections in 2024. It targets credentials, cookies, credit card details, FTP clients, cryptocurrency wallets, and specific files.<\/p>\n<\/div><\/div>\n\n
LummaC2 Infostealer<\/strong>\u00a0<\/h3>\n\n
![\"\"](\"https:\/\/www.forenova.com\/wp-content\/uploads\/2025\/06\/2-1024x576.png\")
<\/figure>\nLumnaC2 saw a significant surge in detections in late 2024. Reports indicate massive increases in detections (e.g., a 369% increase from H2 vs. H1 2024, according to ESET), and it’s often listed among the top 3 most prevalent stealers. It targets crypto wallets, browser data (profiles, cookies, credentials), 2FA extensions, and system information.\u00a0<\/p>\n<\/div><\/div>\n\n
Rise Pro<\/strong> \u00a0<\/h3>\n\n
![\"\"](\"https:\/\/www.forenova.com\/wp-content\/uploads\/2025\/06\/3-1024x576.png\")
<\/figure>\nRise Pro is one of the most significant stealers, according to some reports (e.g., Kaspersky data places it second only to RedLine for 2024 infections).\u00a0<\/p>\n<\/div><\/div>\n\n
Racoon Stealer<\/strong>\u00a0<\/h3>\n\n
![\"\"](\"https:\/\/www.forenova.com\/wp-content\/uploads\/2025\/06\/4-1024x576.png\")
<\/figure>\nWhile its main developer was arrested, leading to a temporary dip, updated versions emerged, and it remains a frequently mentioned threat, particularly noted in some regional reports (like LACNIC for Latin America\/Caribbean) and historical data. It steals a wide range of credentials and crypto wallets.\u00a0<\/p>\n<\/div><\/div>\n\n
What IT Managers Can Do Today to Protect Against Infostealers<\/strong>\u00a0<\/h2>\n\n
- \n
- Start by disabling browser-based password storage across all endpoints and enforce the use of enterprise-grade password managers. This helps eliminate one of the most common data sources targeted by infostealers.\u00a0<\/li>\n<\/ul>\n\n
- \n
- Ensure that MFA is phishing-resistant by using hardware tokens or app-based push notifications rather than SMS codes.\u00a0<\/li>\n<\/ul>\n\n
- \n
- Next, segment your high-risk and legacy systems. Machines running outdated operating systems or OT equipment that can’t support modern EDR agents should be isolated using firewall rules and VLAN segmentation to prevent lateral movement.\u00a0<\/li>\n<\/ul>\n\n
- \n
- Secure endpoint and browser configurations by removing unnecessary software and plugins. Block installation of unsigned apps or browser extensions not vetted by your team. This reduces the potential attack surface significantly.\u00a0<\/li>\n<\/ul>\n\n
- \n
- Proactively monitor early signs of infostealer activity. Watch for unusual outbound connections, reuse of credentials from unknown IPs, or browser processes behaving abnormally.\u00a0
Traditional antivirus and firewall solutions aren\u2019t built to detect credential theft as it happens. That\u2019s where Managed Detection and Response (MDR) comes in.\u00a0<\/p>\n\n
With solutions like NovaMDR<\/a>, small and medium-sized businesses can gain:<\/p>\n\n
- Proactively monitor early signs of infostealer activity. Watch for unusual outbound connections, reuse of credentials from unknown IPs, or browser processes behaving abnormally.\u00a0
- Secure endpoint and browser configurations by removing unnecessary software and plugins. Block installation of unsigned apps or browser extensions not vetted by your team. This reduces the potential attack surface significantly.\u00a0<\/li>\n<\/ul>\n\n
- Next, segment your high-risk and legacy systems. Machines running outdated operating systems or OT equipment that can’t support modern EDR agents should be isolated using firewall rules and VLAN segmentation to prevent lateral movement.\u00a0<\/li>\n<\/ul>\n\n
- Ensure that MFA is phishing-resistant by using hardware tokens or app-based push notifications rather than SMS codes.\u00a0<\/li>\n<\/ul>\n\n
- Start by disabling browser-based password storage across all endpoints and enforce the use of enterprise-grade password managers. This helps eliminate one of the most common data sources targeted by infostealers.\u00a0<\/li>\n<\/ul>\n\n
- Remote workforce & more online accounts than ever<\/strong>\u00a0<\/li>\n<\/ol>\n\n
- The rise in cryptocurrency adoption<\/strong>\u00a0<\/li>\n<\/ol>\n\n
- Malware-as-a-Service on the rise<\/strong>\u00a0<\/li>\n<\/ol>\n\n
- Device-specific details (OS name, version, IP, installed software, etc.)\u00a0<\/li>\n<\/ul>\n\n
- Crypto wallets and keys\u00a0<\/li>\n<\/ul>\n\n
- Browser history data and cookies information\u00a0<\/li>\n<\/ul>\n\n
- Personal data (home address, security number, phone number, etc.)\u00a0<\/li>\n<\/ul>\n\n