The functionality of infostealers can vary, with some focused on data harvesting, while others offer remote access that allows additional malware to be executed.
In cybercrime, credential theft is a well-known mechanism through which malicious individuals steal personal information such as usernames, passwords, or cookies to illegitimately gain access to a victim's online accounts and computer.
[1] The bot framework includes a builder that allows the attacker to configure how the infostealer will behave on a user's computer and what kind of information it will steal.
The management interface, usually written in traditional web development languages like PHP, HTML, and JavaScript,[2] is typically hosted on commercial cloud infrastructure.
[2] Infostealers are commonly distributed through the malware-as-a-service (MaaS) model, enabling individuals with varying technical knowledge to deploy these malicious programs.
While most infostealers primarily target credentials, some also enable attackers to remotely introduce and execute other malware, such as ransomware, on the victim's computer.
Another configuration also allowed the researchers to define a set of rules that could be used to test if additional HTTP requests contained passwords or other sensitive information.
[16] More recently, in 2020, researchers at the Eindhoven University of Technology conducted a study analysing the information available for sale on the underground credential black market impaas.ru.
[14] The researchers also found that the data most frequently stolen using the AZORult infostealers and sold on the black market could be broadly categorised into three main types: fingerprints, cookies, and resources.
[17] Setting up an infostealer operation has become increasingly accessible due to the proliferation of stealer-as-a-service enterprises, significantly lowering financial and technical barriers.
[2] In a 2023 paper, researchers from the Georgia Institute of Technology noted that the hosted stealer market is extremely mature and highly competitive, with some operators offering to set up infostealers for as little as $12.
[6] The shift towards remote and hybrid work after the COVID-19 pandemic, in which companies give employees access to enterprise services on their home machines, has also been cited as one of the reasons behind the increase in the effectiveness of infostealers.