"Stealer" malware is the new silent threat

"Stealer" malware is the new silent threat, targeting anyone, individuals and organizations alike, with the objective of harvesting credentials and sensitive information from user devices and selling them on the Darkweb.

Pro CISO's Threat Intelligence service is seeing an increasing flow of stolen information, exfiltrated by Stealers and made available in the Darkweb.

While ransomware is very well known to most people, this new Stealer malware threat is flying under the radar, silently installing itself on more and more devices, regardless of whether the target is an individual's device or a corporate one.

The objective is to remain unseen on the infected device for as long as possible and gather any "interesting" data, such as:

  • user credentials: websites, email addresses, passwords, cookies 
  • personal data: information typed into forms when registering into a website
  • payment data: credit card details typed into webforms while ordering online
  • sensitive data: health and insurance data 
  • intellectual property: corporate information, source code

Stealers are developed to bypass antivirus and EDR solutions, and they are often sold to bad actors as toolkits that can be customized to suit the buyer's objectives for harvesting data, which is then sold on the Darkweb.

Since preventive measures are not always effective against this type of malware, users need to be very cautious when accessing websites that don't have a good reputation, and should refrain from downloading software, "freeware", game hacks, and other tools from untrusted sources.

As always, phishing remains an easy way for attackers to introduce malware onto devices, and possibly compromise entire networks. Unsolicited emails from unknown senders should therefore always be handled with extreme caution.

A final warning regarding browser extensions, as these can also contain software that silently spies on every action the user performs in the browser. Once installed, such an extension has unrestricted access to all the information, in clear text (unencrypted), exactly as the user sees it or types it in the browser, and can then invisibly send it out to apparently legitimate collection points (e.g. Google Drive, Dropbox, WeTransfer, etc.).

In fact, browser extensions can ...

⚠️ See every web page, just the way you see it, in clear text.
⚠️ Capture your data while you are typing it into a form (e.g. your credit card details while you purchase a ticket).
⚠️ Send the data to a collection point on Dropbox or Google Drive, without you realizing that it is happening.

Therefore, before installing a browser extension, we suggest verifying that it has a very high reputation:

✅ It is classified as a "featured" extension.
✅ It has a rating of 4 stars or above.
✅ It has been downloaded by millions of users. Don't be the guinea pig.
✅ Check the "Privacy Practices" declarations.
✅ Once installed, read the "Extension Details" carefully to see whether you can limit its access to specific websites only (when applicable).
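The last check above is about access scope: an extension that requests every site plus cookie or traffic permissions can see exactly what the warnings describe. As an added example (not Pro CISO's code), the small Python audit below reads extension manifest.json files and flags those broad host patterns and sensitive permissions; the manifests are constructed samples, and the lists of "broad" patterns and "sensitive" permissions are the author's assumptions about what to flag.

```python
import json

# Constructed sample manifests (not taken from any real extension), standing in
# for the manifest.json files found under a browser's extension directory.
SAMPLE_MANIFESTS = {
    "notes-helper": json.dumps({
        "manifest_version": 3, "name": "Notes Helper",
        "permissions": ["storage"],
        "host_permissions": ["https://notes.example.com/*"],
    }),
    "coupon-finder": json.dumps({
        "manifest_version": 3, "name": "Coupon Finder",
        "permissions": ["cookies", "webRequest", "tabs", "storage"],
        "host_permissions": ["<all_urls>"],
        "content_scripts": [{"matches": ["https://*/*"], "js": ["inject.js"]}],
    }),
}

# Host patterns that grant access to every site the user visits (assumed list).
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Permissions that expose session material or let the extension observe
# browsing activity (assumed list, extend to taste).
SENSITIVE_PERMISSIONS = {"cookies", "webRequest", "webRequestBlocking",
                         "tabs", "clipboardRead", "history", "downloads"}

def audit_manifest(raw: str) -> dict:
    """Return the broad host patterns and sensitive permissions one manifest
    requests, plus a coarse risk label for triage."""
    m = json.loads(raw)
    hosts = set(m.get("host_permissions", []))
    # Manifest V2 puts host patterns in "permissions"; include those as well.
    hosts |= {p for p in m.get("permissions", []) if "://" in p or p == "<all_urls>"}
    # Content scripts declare where they are injected via "matches".
    for cs in m.get("content_scripts", []):
        hosts |= set(cs.get("matches", []))
    broad = sorted(hosts & BROAD_HOST_PATTERNS)
    sensitive = sorted(set(m.get("permissions", [])) & SENSITIVE_PERMISSIONS)
    risk = "high" if broad and sensitive else "medium" if broad or sensitive else "low"
    return {"name": m.get("name", "?"), "broad_hosts": broad,
            "sensitive_permissions": sensitive, "risk": risk}

def audit_all(manifests: dict) -> dict:
    """Audit a mapping of extension id -> raw manifest text."""
    return {ext_id: audit_manifest(raw) for ext_id, raw in manifests.items()}

if __name__ == "__main__":
    for ext_id, f in audit_all(SAMPLE_MANIFESTS).items():
        print(f"{ext_id}: risk={f['risk']} hosts={f['broad_hosts']} "
              f"perms={f['sensitive_permissions']}")
```

On a real machine, point audit_all at the manifest.json of each installed extension; a "high" result is the case where the "Extension Details" site restriction is worth applying or the extension is worth removing.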

Reach out to us for support or to know more about our Threat Intelligence services.