Last year saw a significant surge in cyberattacks as infostealing malware became a primary tool for cybercriminals. These programs harvested vast amounts of sensitive data, enabling attacks ranging from ransomware to breaches of critical infrastructure. The widespread use of infostealers underscores how attacker tactics have shifted toward identity theft, raising the risk to organizations and individuals worldwide.
Recent reports show that infostealer activity has intensified, with infostealers alone accounting for 2.1 billion of the credentials stolen in the past year. This is a substantial increase over previous years and signals a growing preference among cybercriminals for these versatile tools. The escalation in credential theft affects every sector and amplifies the potential impact of follow-on attacks.
How Are Infostealers Increasing Credential Theft?
Infostealers were responsible for nearly two-thirds of the 3.2 billion credentials stolen from organizations, according to Flashpoint's latest report. By focusing on identity and access, cybercriminals stole 33% more credentials in 2024 than in the previous year.
"Infostealers are proving to be incredibly versatile, contributing to account takeover, increasing data breach totals, acting as initial access vectors to ransomware, as well as assisting in exploitation via vulnerabilities," stated Ian Gray, Vice President of Intelligence at Flashpoint.
Which Systems Are Most Targeted by Infostealers?
Flashpoint researchers identified 23 million hosts and devices infected with infostealers, the majority running Microsoft Windows. Business systems were hit particularly hard: nearly 70% of the Windows infections were on corporate devices. Although some infostealers also target macOS, Windows remains the preferred platform because of its large user base and the mature malware development ecosystem built around it.
What Are the Most Prevalent Infostealer Strains?
The report identified 24 unique infostealer strains offered on illicit marketplaces last year. RedLine was the most widespread, infecting 9.9 million hosts, or 43% of all observed infostealer infections in 2024. Other significant strains included RisePro, StealC, Lumma Stealer, and Meta Stealer. These families are frequently updated to evade specific endpoint defenses, which keeps them effective and harder to detect.
The exploitation of stolen credentials has led to major breaches, including attacks on Snowflake customers such as AT&T and Ticketmaster.
"Infostealers are effective tools due to their low costs, ease of use, and accessibility," Gray explained, highlighting the threat they pose to large enterprises. The accessibility and affordability of infostealers enable even low-skilled threat actors to execute large-scale attacks.
Organizations must prioritize robust defenses, including multi-factor authentication and regular monitoring of how credentials and sessions are used, to mitigate the risks posed by infostealers. One caveat matters here: infostealers also harvest browser session cookies, and a replayed cookie bypasses MFA entirely, so detecting a session presented from a new device and revoking active sessions when compromise is suspected is as important as MFA itself. Checking accounts against credential-exposure feeds and forcing password resets for exposed users shortens the window in which stolen logins remain useful. Employee training on recognizing phishing and securing sensitive information reduces the likelihood of the initial infection, and investment in threat detection helps identify and neutralize infostealer activity before significant damage occurs.
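The two monitoring signals described above, as an added example that is not part of the original article or of Flashpoint's report: a small detector that reads authentication log lines and flags (1) a session token presented from a different IP and user agent than the login that issued it, which is what replay of a stolen browser cookie looks like, and (2) successful logins by accounts that appear in a stealer-log feed, rated higher when no MFA was used. The log schema, the field names, the sample log lines and the "compromised users" feed are all constructed for this example and are assumptions, not any product's real format.

```python
import json
from typing import Dict, List, Set, Tuple

# Constructed stealer-log feed: accounts whose passwords were seen in a dump.
# Real feeds come from credential-exposure services; these names are made up.
COMPROMISED_USERS: Set[str] = {"j.doe@example.com", "svc-backup@example.com"}


def _ev(**fields: object) -> str:
    """Build one constructed JSON log line."""
    return json.dumps(fields)


# Constructed authentication log (JSON lines). The field names are assumptions
# chosen for this example, not a real product's schema.
SAMPLE_LOG: str = "\n".join([
    _ev(ts="2024-05-01T08:00:00Z", event="login", user="a.smith@example.com",
        result="success", mfa=True, ip="203.0.113.10", ua="Firefox/125", session="tok-aaa"),
    _ev(ts="2024-05-01T08:05:00Z", event="request", user="a.smith@example.com",
        ip="203.0.113.10", ua="Firefox/125", session="tok-aaa"),
    # Same session cookie presented from a different IP and browser: stolen-cookie replay.
    _ev(ts="2024-05-01T09:30:00Z", event="request", user="a.smith@example.com",
        ip="198.51.100.77", ua="Chrome/124", session="tok-aaa"),
    # Password-only login for an account present in the stealer feed.
    _ev(ts="2024-05-01T10:00:00Z", event="login", user="j.doe@example.com",
        result="success", mfa=False, ip="198.51.100.77", ua="Chrome/124", session="tok-bbb"),
    # Exposed account, but MFA was satisfied: still worth a look, lower severity.
    _ev(ts="2024-05-01T10:30:00Z", event="login", user="svc-backup@example.com",
        result="success", mfa=True, ip="192.0.2.5", ua="Edge/124", session="tok-ccc"),
    # Failed login: not an account takeover on its own, ignored here.
    _ev(ts="2024-05-01T11:00:00Z", event="login", user="j.doe@example.com",
        result="failure", mfa=False, ip="192.0.2.9", ua="curl/8.0", session=""),
])


def analyze(log_text: str, compromised: Set[str]) -> List[Dict[str, str]]:
    """Return alerts for session-cookie replay and logins with exposed credentials."""
    alerts: List[Dict[str, str]] = []
    # Session token -> (ip, user agent) recorded when the token was issued at login.
    issued: Dict[str, Tuple[str, str]] = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev["event"] == "login":
            if ev["result"] != "success":
                continue
            issued[ev["session"]] = (ev["ip"], ev["ua"])
            if ev["user"] in compromised:
                alerts.append({
                    "type": "compromised_credential",
                    "user": ev["user"],
                    "ts": ev["ts"],
                    # Password-only login with a leaked password is the infostealer ATO pattern.
                    "severity": "medium" if ev["mfa"] else "high",
                })
        elif ev["event"] == "request":
            origin = issued.get(ev["session"])
            seen = (ev["ip"], ev["ua"])
            if origin is None:
                # Token was not issued inside this log window: inconclusive, skip.
                continue
            if origin != seen:
                # IP or user agent differs from the issuing login. IP alone is noisy
                # (mobile, VPN); binding to IP+UA, or a stronger device fingerprint,
                # cuts false positives.
                alerts.append({
                    "type": "session_replay",
                    "user": ev["user"],
                    "ts": ev["ts"],
                    "severity": "high",
                })
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG, COMPROMISED_USERS):
        print(alert)
```

Running the block on the constructed log yields three alerts: a high-severity session replay for a.smith, a high-severity password-only login for j.doe, and a medium-severity MFA-backed login for svc-backup; the failed login produces nothing. In production the same logic would be fed from the identity provider's sign-in logs, and a session-replay hit should trigger revocation of that token rather than just an alert.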