
"As continues to evolve, infostealers are increasingly providing adversaries with the credentials they need to perform devastating cyber-attacks. You don't have to look far to find examples, with intrusions at Schneider Electric and Telefonica also perpetrated using credentials stolen via infostealers. Attacks using infostealers often precede other breaches such as ransomware. 54% of ransomware victims' credentials first appeared in infostealer dumps, according to Verizon's 2025 Data Breach Investigations ."
"In September, cybersecurity researchers at Proofpoint issued a warning over a significant rise in the use of Stealerium malware used to harvest sensitive data from victims worldwide. The infostealer can exfiltrate a wide range of data, from browser credentials and crypto wallets to Wi-Fi profiles and VPN configurations. Perhaps the most famous infostealer and certainly the most active is Lumma Stealer."
"Attacks involving Lumma Stealer still account for four times more than prominent stealer Rhadamanthys and eight times more than Vidar, says Spence Hutchinson, staff threat intelligence researcher at eSentire TRU. Lumma, which is attributed to a malware author called Shamel, is found for sale on Russian-speaking crime forums and has been distributed since at least July 2024 via GitHub networks such as the Stargazers Ghost Network."
Infostealers are increasingly supplying cybercriminals with stolen credentials that enable high-impact intrusions and follow-on attacks. Intrusions at Schneider Electric and Telefonica used credentials obtained from infostealer dumps. Infostealer activity commonly precedes ransomware; Verizon found 54% of ransomware victims' credentials first appeared in such dumps. Proofpoint warned of a large rise in Stealerium, an infostealer that exfiltrates browser credentials, crypto wallets, Wi‑Fi profiles and VPN configurations. Lumma Stealer remains the most active strain, accounting for far more attacks than Rhadamanthys or Vidar. Lumma is sold on Russian-language forums, distributed via GitHub networks, and uses multi-vector, adaptive delivery techniques.
Read at IT Pro