January 23, 2023by Benji Preminger

Stealer malware: This simple software helps amateurs hack big targets

The number of compromised credentials for sale on the dark web has never been higher. Stolen logins pose a grave threat to companies and individuals, exposing sensitive corporate and private data to malicious cybercriminals.

Last month, several prolific underground markets auctioned off millions of login credentials stolen from over 700,000 infected computers, phones, and tablets. These included login access to all systems and platforms - from personal email and bank accounts to sensitive corporate and government portals.

The threat posed by compromised credentials has never been more acute. Data (such as login credentials) obtained illegally using stealer malware is for sale on many underground markets, allowing cybercriminals to gain unauthorized access to private accounts and networks. From this beachhead, having established a foothold into the targeted system, threat actors can launch further attacks - deploying ransomware, siphoning system resources, harvesting confidential data, and assuming control of logged-in financial accounts.

The Cybersixgill Portal finds leaks and alerts organizations in real time.

As the name suggests, Stealer malware is designed to swipe sensitive data from a victim's computer or network. The stolen data can include login credentials, stored cookies, financial data, personal information, and other sensitive documents and files.  

Stealer malware is distributed through various means, including fake applications, pirated software, 'malvertising' campaigns, email attachments, targeted phishing lures, and seemingly innocuous links clicked by users browsing the internet. Once installed on the victim's device, the malware operates silently in the background, covertly recording keystrokes and exfiltrating sensitive data without the victim's knowledge. This harvested data is stored in logs and transferred from the infected device to the hacker's remote command-and-control (c2) server. Having accrued multiple logs from their ecosystem of infected devices ("botnets"), the threat actor then packages and sells the stolen access credentials to the highest bidder on their dark web marketplace.

The purchaser of these so-called "stealer logs" can then leverage the access credentials as a starting point to launch various further attacks - depending on their level of sophistication.

On the lower end of the scale, "script kiddies" and other amateur fraudsters use the credentials to hijack accounts, siphon off stored resources and exfiltrate valuable data. At this point, they will often resell the same access to other cybercriminals in secondary underground markets.

Learn more about how Cybersixgill automatically aggregates data leaks and alerts customers in real time.

You may also like

A close-up, detailed, and vibrant image of a microscopic cell with numerous tentacle-like extensions, depicted in shades of pink and purple against a blurred blue background.

May 15, 2024

Black Basta's Devastating Attack on a US Hospital System: Lessons Learned and Protective Measures

Read more
Screen showing a malware alert

May 09, 2024

New 'Latrodectus' Malware Linked to Notorious 'IcedID' Developer: A Deep Dive into Targets, Potential Impact, and Remediation Steps

Read more
Chris Strand-Thumbnail

May 07, 2024

Enhancing Security Posture with Cyber Risk Intelligence Part 2

Read more