Learn more about the malicious software that raids email accounts, web browsers, crypto wallets and more, all in pursuit of your sensitive data
16 Apr 2025
6 min. read

In the world of cybercrime, data is a means to an end, and the end is usually profit. That is why information-stealing malware (infostealers) has become a major driver of identity theft, account hijacking, and financial fraud. Yet plenty of people spend much of their daily lives online and stay safe. The key is understanding how to manage the risks.
Here is what you need to know to keep your personal and financial data out of harm's way.
What kinds of data do infostealers steal?
Many infostealers trace their lineage to one well-known piece of malware: ZeuS, a banking Trojan designed to covertly harvest victims' financial information, such as online banking credentials. After its source code leaked in 2011, new versions flooded the cybercrime underground and kickstarted the infostealer market, with developers enhancing and customizing its capabilities. Today there are variants for nearly every platform, from Windows PCs and macOS machines to iOS and Android devices.
What an infostealer targets depends on the variant. Credentials and session tokens are a favored target, since a stolen session token can let attackers bypass multifactor authentication (MFA) entirely by reusing an already-authenticated session. One study estimates that 75% (2.1 billion) of the 3.2 billion credentials stolen last year were harvested by infostealers. Other personal and financial data at risk includes:
- Payment card, bank account, and cryptocurrency details (e.g., crypto wallet keys)
- Other financial information, including insurance or government benefit (Social Security) details
- Browser data, including browsing history and saved form/autofill content, which may include payment card details and passwords
- System information about your computer or device
- Files stored on the device, including images and documents
- Other personal details such as names, phone numbers, and addresses
How do infostealers work?
The malware's goal is to quietly and quickly locate sensitive data on your machine or device and send it to a server controlled by the attackers. It does this by targeting web browsers, email clients, crypto wallets, documents, applications, and the operating system itself. Additional techniques include:
- "Form grabbing": intercepting logins and other data you type into a web form before the browser encrypts and submits it, so the TLS connection offers no protection
- Keylogging: recording every keystroke you make
- Taking screenshots of your desktop/home screen, in case sensitive data is visible on screen
- Reading the contents of the clipboard, which may hold a copied password or wallet address
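Because the techniques above all come down to a process that is not the browser or wallet reading stores it has no business reading, that access pattern is a useful detection signal. The following is an added example (not ESET's code and not from the original article) that classifies file-access events of the kind an EDR or Sysmon-style sensor records. The event layout, the list of store file names, the wallet directory fragments, and the owner executables are all assumptions for illustration; the telemetry is constructed.

```python
"""Flag processes that read browser credential stores or crypto wallet data.

Added example, not from the ESET article. Takes file-access events (process
image name, path opened, user) and raises an alert when a process other than
the owning application touches a password, cookie, autofill or wallet store.
The store names, owner executables and wallet directory fragments are
assumptions chosen for illustration.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass

# Files infostealers commonly read. Keys are lower-case basenames, values are
# the executables that legitimately own them (empty set = no expected reader).
SENSITIVE_FILES: dict[str, set[str]] = {
    "login data": {"chrome.exe", "msedge.exe", "brave.exe"},   # Chromium passwords
    "cookies": {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"},
    "web data": {"chrome.exe", "msedge.exe", "brave.exe"},     # autofill / cards
    "logins.json": {"firefox.exe"},                            # Firefox passwords
    "key4.db": {"firefox.exe"},                                # Firefox key store
    "wallet.dat": set(),                                       # assumed wallet file
}
# Directory fragments that indicate wallet data (assumed examples).
SENSITIVE_DIRS = ("\\exodus\\", "\\electrum\\", "\\metamask\\")


@dataclass(frozen=True)
class FileEvent:
    process: str      # image name, e.g. "chrome.exe"
    path: str         # full path the process opened for read
    user: str


@dataclass(frozen=True)
class Alert:
    process: str
    path: str
    reason: str


def _normalize(path: str) -> str:
    # Accept both Windows and POSIX separators; compare case-insensitively.
    return path.replace("/", "\\").lower()


def classify(ev: FileEvent) -> Alert | None:
    """Return an Alert for a suspicious read, or None for benign activity."""
    proc = ev.process.lower()
    lowered = _normalize(ev.path)
    name = ntpath.basename(lowered)
    owners = SENSITIVE_FILES.get(name)
    if owners is not None:
        if proc in owners:
            return None            # the browser reading its own store
        return Alert(ev.process, ev.path, f"non-owner read of {name}")
    if any(frag in lowered for frag in SENSITIVE_DIRS):
        return Alert(ev.process, ev.path, "read of crypto wallet directory")
    return None


def scan(events: list[FileEvent]) -> list[Alert]:
    return [a for a in (classify(e) for e in events) if a is not None]


# Constructed sample telemetry: a benign browser read, a stealer-like process
# reading two stores it does not own and a wallet directory, and an unrelated read.
SAMPLE_EVENTS = [
    FileEvent("chrome.exe", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data", "alice"),
    FileEvent("svchost32.exe", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data", "alice"),
    FileEvent("svchost32.exe", r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json", "alice"),
    FileEvent("svchost32.exe", r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco", "alice"),
    FileEvent("notepad.exe", r"C:\Users\alice\Documents\notes.txt", "alice"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"ALERT {alert.process}: {alert.reason} ({alert.path})")
```

On a real endpoint the owner list needs the browser's actual signed image (a stealer can name itself chrome.exe), and backup agents or sync clients will need explicit allow-listing; the rule is a starting point, not a finished detection.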
Once the data reaches the attacker's server, often within moments of infection, it is typically bundled into "logs" and sold on criminal marketplaces. Fraudsters then use it to:
- Hijack your online accounts (e.g., Netflix, Uber) to steal the information stored in them and/or sell access to others
- Commit identity theft, such as applying for credit in your name or using your cards/bank account to make purchases
- Commit medical/insurance fraud by obtaining treatment or prescription drugs in your name
- Commit tax fraud by filing tax returns in your name and collecting the refunds
- Target your contacts with phishing messages or spam
- Drain your financial accounts

How can I get infected with an infostealer?
The first step in protecting yourself from infostealers is understanding how they spread. There are many attack vectors; the most common include:
- Phishing emails/texts: A classic social engineering tactic that tricks you into clicking a malicious link or opening an attachment, which triggers a covert malware installation. The threat actor will often impersonate a trusted person, brand, or organization, spoofing the sender domain and using official logos.
- Malicious websites: These may be used as part of a phishing campaign or as a standalone "property". You might be prompted to download a file or click a link, or the site could trigger a "drive-by download" simply by being visited. Cybercriminals may use black hat SEO techniques to push these sites to the top of search rankings, making them more likely to appear when you search online.
- Compromised websites: Sometimes attackers hijack legitimate websites you visit, then use them to exploit a browser vulnerability or to serve a malicious advertisement (malvertising). Either route can lead to an infostealer being installed.
- Malicious apps: Legitimate-looking applications may hide an info-stealing component. The risk is particularly high on mobile devices, which often lack the protection found on computers. Be especially wary of pirated versions of popular games and other software.
- Social media scams: Scammers may try to lure you into clicking a tempting social media ad or post, perhaps by impersonating a celebrity or even hijacking a legitimate account. Be wary of deals, giveaways, and exclusive content that seem too good to be true.
- Game mods/cheats: Unofficial mods or cheats for video games may contain infostealer malware. ESET researchers found multiple GitHub repositories claiming to offer farm bots and auto-clickers to speed up gameplay in Hamster Kombat. In reality, they were hiding the Lumma Stealer.

The threat landscape
As ESET reveals in its H2 2024 Threat Report, the infostealer market is big business for cybercriminals. The malware-as-a-service (MaaS) model has democratized access to many of the infostealer variants on offer in criminal marketplaces. Some of these sites also offer log parsing services to help cybercriminals extract usable data from raw logs for use or resale.
As ESET observes, these malware families are under constant development. Formbook, for example, has been in operation since 2021 but has recently added sophisticated obfuscation techniques designed to make sample collection and analysis by security researchers harder. Other variants, like RedLine, have disappeared following coordinated law enforcement action, but others, such as Lumma Stealer, simply take their place. Lumma recorded a 369% year-on-year increase in detections in H2 2024, according to ESET research.
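The same log parsing that criminals pay for is also what a defender does when a stealer log naming their organization surfaces. The following is an added example (not ESET's code and not from the original article) that parses the blank-line-separated URL/USER/PASS records most stealer families dump into a passwords file, then reports which accounts on domains you defend are exposed. The accepted field-name variants are assumptions, the sample log is constructed, and passwords never leave the function unmasked.

```python
"""Triage a stealer 'Passwords.txt' log for accounts on domains you defend.

Added example, not from the ESET article. Stealer logs commonly hold records
of the form URL:/USER:/PASS: separated by blank lines; the field-name aliases
accepted here are assumptions, and the sample log below is constructed.
Only a masked password is ever returned.
"""
from __future__ import annotations

import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the layout commonly seen in stealer logs.
SAMPLE_LOG = """\
Soft: Chrome (Default)
URL: https://sso.corp.example/login
USER: alice@corp.example
PASS: Winter2024!

Host: https://www.shopping.example/account
Login: alice.smith
Password: p@ssw0rd

URL: android://abc123XYZ==@com.example.bank/
USER: alice
PASS: 123456

URL: https://mail.corp.example/owa/
USER: CORP\\bob
PASS: Summer2024!
"""

FIELD_ALIASES = {
    "url": "url", "host": "url",
    "user": "user", "login": "user", "username": "user",
    "pass": "password", "password": "password",
}


def parse_records(text: str) -> list[dict[str, str]]:
    """Split on blank lines and map known field names to canonical keys."""
    records: list[dict[str, str]] = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec: dict[str, str] = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            canon = FIELD_ALIASES.get(key.strip().lower())
            if sep and canon:
                rec[canon] = value.strip()
        if "url" in rec and "user" in rec:
            records.append(rec)
    return records


def host_of(url: str) -> str:
    """Lower-case hostname; tolerates bare hosts and app-scheme URLs with userinfo."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    return (parts.hostname or "").lower()


def mask(secret: str) -> str:
    """Keep the first two characters so an analyst can confirm a password pattern."""
    return (secret[:2] + "*" * max(len(secret) - 2, 0)) if secret else ""


def find_exposed(text: str, watched_domains: set[str]) -> dict[str, list[tuple[str, str]]]:
    """Map each watched domain to the (username, masked password) pairs in the log."""
    hits: dict[str, list[tuple[str, str]]] = defaultdict(list)
    for rec in parse_records(text):
        host = host_of(rec["url"])
        for domain in watched_domains:
            if host == domain or host.endswith("." + domain):
                hits[domain].append((rec["user"], mask(rec.get("password", ""))))
    return dict(hits)


if __name__ == "__main__":
    for domain, creds in find_exposed(SAMPLE_LOG, {"corp.example"}).items():
        for user, pw in creds:
            print(f"{domain}: {user} ({pw}) -> force reset and revoke sessions")
```

A match is a reason to reset the password and invalidate every active session for that user, not just the password: the same log usually carries the user's cookies, and a reset alone leaves those valid.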
How can I avoid infostealers?
So how can you ensure an infostealer doesn’t infect your mobile device or computer? Given that the malware can spread through multiple methods, you must remember several best practices. These include:
- Install and maintain updated security software on all your devices. This is crucial for keeping yourself safe from infostealers and other threats.
- Stay alert to phishing attempts: don't click links in unsolicited messages or open their attachments. Verify independently (for example, via a phone number you already have) that the purported sender really sent the message. Hovering over or expanding the sender's display name often reveals that the email actually came from a different address.
- Only download software/apps from official online platforms. Although malware can occasionally slip into Google Play, it is swiftly removed, and these official channels are much safer than third-party stores. Additionally, refrain from downloading any pirated or cracked software, especially if it is offered for free.
- Keep your OS and applications up to date, as the latest software version is generally the most secure.
- Exercise caution on social media and bear in mind that if an offer seems too good to be true, it probably is. If you have doubts, try searching online to see if it might be a scam. Also, be aware that the accounts of acquaintances and celebrities can be hacked to promote scams. Avoid clicking on any unsolicited links.
- Strengthen login security by using strong, unique passwords for each account, stored in a password manager, and enable multi-factor authentication (MFA) wherever it is offered. MFA blunts some infostealer techniques such as keylogging, because a captured password alone is not enough to log in, but it is not foolproof: a stolen session token lets the attacker skip the login step entirely. Sign out of sensitive sites when you are done, and revoke active sessions if you suspect a compromise.
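The session-token caveat above is where server-side defenders can still catch what MFA cannot. The following is an added example (not ESET's code and not from the original article) of the check an authentication gateway can run over its own access log: the same session ID appearing from a new IP/User-Agent pair shortly after the legitimate one. The log format, field names and the (ip, ua) fingerprint rule are assumptions, and the log lines are constructed.

```python
"""Spot a stolen session cookie being replayed from a second device.

Added example, not from the ESET article. MFA protects the login step, but an
infostealer that lifts a browser's session cookie lets the attacker skip login
entirely. Server-side, the tell is one session ID turning up from a new
IP/User-Agent pair shortly after the legitimate one. The log format, field
names and the fingerprint rule are assumptions; the log is constructed.
"""
from __future__ import annotations

import json
from datetime import datetime

# Constructed auth-gateway log, one JSON object per line. Session "s-7f3a" is
# used from alice's laptop, then 7 minutes later from an unrelated IP/browser.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"ts": "2025-04-16T09:00:00Z", "sid": "s-7f3a", "user": "alice",
     "ip": "203.0.113.10", "ua": "Firefox/128", "path": "/"},
    {"ts": "2025-04-16T09:05:00Z", "sid": "s-7f3a", "user": "alice",
     "ip": "203.0.113.10", "ua": "Firefox/128", "path": "/mail"},
    {"ts": "2025-04-16T09:12:00Z", "sid": "s-7f3a", "user": "alice",
     "ip": "198.51.100.77", "ua": "Chrome/124", "path": "/settings/recovery"},
    {"ts": "2025-04-16T09:20:00Z", "sid": "s-1b2c", "user": "bob",
     "ip": "203.0.113.44", "ua": "Chrome/124", "path": "/"},
    {"ts": "2025-04-16T13:20:00Z", "sid": "s-1b2c", "user": "bob",
     "ip": "203.0.113.44", "ua": "Chrome/124", "path": "/docs"},
])


def fingerprint(event: dict) -> tuple[str, str]:
    """Coarse device fingerprint: the client IP and User-Agent string."""
    return event["ip"], event["ua"]


def find_replays(log_text: str, window_seconds: int = 3600) -> list[dict]:
    """Return events in which a session ID is used from a different fingerprint
    than its previous use, within `window_seconds` of that use. A fingerprint
    change after a long idle gap (a laptop moving between networks) is tolerated;
    a quick switch to a different browser on a different network is not."""
    last_seen: dict[str, tuple[datetime, tuple[str, str]]] = {}
    findings: list[dict] = []
    for line in log_text.splitlines():
        ev = json.loads(line)
        ts = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        fp = fingerprint(ev)
        prev = last_seen.get(ev["sid"])
        if prev and prev[1] != fp and (ts - prev[0]).total_seconds() <= window_seconds:
            findings.append({"sid": ev["sid"], "user": ev["user"], "ts": ev["ts"],
                             "from": prev[1], "to": fp, "path": ev["path"]})
        last_seen[ev["sid"]] = (ts, fp)
    return findings


if __name__ == "__main__":
    for f in find_replays(SAMPLE_LOG):
        print(f"REPLAY? session {f['sid']} of {f['user']} moved {f['from']} -> {f['to']} "
              f"at {f['ts']} requesting {f['path']}; revoke the session and re-authenticate")
```

In production the response to a hit is to invalidate the session and force a fresh login with MFA. IP addresses change legitimately on mobile networks, so a User-Agent change is the stronger of the two signals, and the window should be tuned against real traffic before the rule is allowed to block.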
The key is to layer these measures, thereby reducing the avenues for attack that threat actors can exploit. However, bear in mind that they will strive to develop new workarounds, so remaining vigilant is essential.

