Kaspersky has reported that nearly 10 million personal and corporate devices were compromised by data-stealing malware in 2023, marking a staggering 643% increase over the past three years.
This alarming trend highlights the growing sophistication of cybercriminals and the increasing vulnerability of both individuals and organizations to data theft.
Information stealers, a type of malware designed to collect sensitive data such as login credentials, financial information, and personal details, have become increasingly prevalent in the cybercrime ecosystem.
According to Kaspersky’s report, the malware is often distributed through sophisticated methods, including malvertising on adult websites and YouTube comment spam, making them difficult to detect and prevent.
Over 10 Million Personal And Corporate Devices Infected
Kaspersky’s Digital Footprint Intelligence data revealed that cybercriminals stole an average of 50.9 login credentials per infected device.
These credentials often include access to social media accounts, online banking services, crypto wallets, and various corporate online services, including email and internal systems.
One of the factors contributing to the surge in infections is the availability of information stealers through subscription-based models on the dark web.
This “malware-as-a-service” approach has lowered the barrier to entry for aspiring cybercriminals, allowing even those with limited technical skills to launch attacks.
Among the various infostealer malware families, Redline emerged as the dominant threat, accounting for 55% of devices targeted by password-stealer attacks in 2023.
Other notable malware families included Vidar (17%) and Raccoon (nearly 12%). The underground market for data-stealing malware is expanding rapidly, with new stealers gaining popularity.
Between 2021 and 2023, the share of infections caused by new stealers surged from 4% to 28%. In 2023, the newly emerged “Lumma” stealer alone was responsible for over 6% of all infections.
Several information stealers have gained prominence in recent months:
-
Kral Stealer: Initially discovered as a downloader for other malware, Kral has evolved into a full-fledged stealer targeting cryptocurrency wallets and browser data.
-
AMOS: This macOS-specific stealer masquerades as legitimate software, tricking users into granting it system access. It employs deceptive tactics to collect user passwords and system information.
-
Vidar/ACR: This complex malware chain uses YouTube comments for distribution and employs multiple stages of infection, ultimately deploying the ACR stealer to exfiltrate sensitive data.
The widespread infection of devices by information stealers poses severe risks to both individuals and organizations. Stolen credentials can lead to financial losses, identity theft, and further cyberattacks.
For businesses, compromised corporate networks can result in data breaches, reputational damage, and potential ransomware attacks.
Cybersecurity experts recommend several measures to mitigate the risk of infection:
-
Implement two-factor authentication (2FA) for all accounts
-
Use unique, strong passwords for each online service
-
Download software only from official websites
-
Verify website authenticity before downloading any files
-
Keep operating systems and security software up to date
As information stealers continue to evolve and increase, maintaining vigilance and adopting robust cybersecurity practices is crucial for protecting personal and corporate data from this growing threat.
Indicators of compromise
**Kral** 02c168aebb26daafe43a0cccd85397b2039bebb6ccc2c447c879eb71cd7a5ba80509cc53472b265f8c3fc57008e31dbe **Amos** ec7f737de77d8aa8eece7e355e4f49b9dd2832f4bf8f9c429f23ebb35195c791 **Vidar** 6f9d3babdeea3275489589ee69bc3f31
