Beware of digital thieves. How to protect yourself from “stealers”
Stealers are a type of malware specifically designed to steal sensitive data from our computers. One of their dangers lies in enabling individuals with limited technical knowledge to cause significant harm.
These programs operate like stealthy criminals, infiltrating systems via the internet and hiding in the background. Their main objective is to wait for the opportune moment to capture the information we input, such as login credentials, passwords, and even financial data.
How do stealers operate?
Depending on their type and purpose, stealers follow a series of steps, but they generally adhere to a basic process:
- Infection. The malware enters the victim’s system through methods such as downloading infected files, phishing emails, compromised websites, or exploiting software vulnerabilities.
- Persistence. Once the stealer infects a system, it often tries to remain hidden and avoid detection. It can achieve this by modifying system files, registering entries for automatic startup, or using advanced techniques to evade antivirus and security systems.
- Data capture. The primary objective of the stealer is to capture sensitive user information.
- Sending stolen data. Once the desired information is collected, the stealer sends it back to the server controlled by cybercriminals. This may be done in encrypted form to evade detection.
To capture data, they employ various tactics:
- Keyloggers. These record keystrokes, capturing everything typed on the keyboard, including passwords, credit card numbers, and any other sensitive data we type.
- Hidden fields in web forms. Stealers can inject additional invisible fields into legitimate web forms. When we enter our data into the form, these hidden fields also capture the information and send it to the attacker.
- Stealing stored information. Some stealers go further by actively seeking confidential information stored on the infected computer (even in the clipboard). This can include text files, browser cookies, or password managers.
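As an added illustration, not part of the original article, the following Python script shows how a defender can recognise the capture-then-send chain described above in endpoint telemetry: a process reading a browser credential store, then opening an outbound connection, and registering an autostart entry for persistence. The log format, the process IDs and the addresses are constructed for the example; the credential-store file names and the Run registry key are the real ones browsers and Windows use.

```python
import re
from collections import defaultdict

# Constructed sample endpoint telemetry (not real data): "<time> <pid> <event> <detail>".
# Process 4120 follows the stealer chain from the article; 5200 is benign activity.
SAMPLE_LOG = r"""
10:00:01 4120 file_read C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Login Data
10:00:02 4120 file_read C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Cookies
10:00:05 4120 net_connect 203.0.113.45:443
10:00:09 4120 reg_write HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater
10:01:00 5200 file_read C:\Users\ana\Documents\notes.txt
10:01:03 5200 net_connect 198.51.100.7:443
"""

# Files where browsers keep saved logins/cookies, and the registry path used for logon autostart.
CREDENTIAL_STORES = ("Login Data", "Cookies", "Web Data", "logins.json", "key4.db")
AUTOSTART_KEY = "\\CurrentVersion\\Run\\"
LINE_RE = re.compile(r"^(\S+) (\d+) (\w+) (.+)$")

def parse_events(log_text):
    """Parse log lines into (time, pid, event, detail) tuples, skipping blank lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, pid, kind, detail = m.groups()
            events.append((ts, int(pid), kind, detail))
    return events

def stealer_indicators(log_text):
    """Return {pid: [reasons]} for processes that read a credential store and then
    connect outbound (capture -> send), and/or register an autostart entry."""
    by_pid = defaultdict(list)
    for ev in parse_events(log_text):
        by_pid[ev[1]].append(ev)  # lines are already in time order
    findings = {}
    for pid, evs in by_pid.items():
        reasons = []
        first_read = next((i for i, (_, _, kind, d) in enumerate(evs)
                           if kind == "file_read" and d.endswith(CREDENTIAL_STORES)), None)
        if first_read is not None:
            reasons.append("reads browser credential store")
            if any(kind == "net_connect" for _, _, kind, _ in evs[first_read + 1:]):
                reasons.append("outbound connection after credential read (possible exfiltration)")
        if any(kind == "reg_write" and AUTOSTART_KEY in d for _, _, kind, d in evs):
            reasons.append("registers autostart entry for persistence")
        if reasons:
            findings[pid] = reasons
    return findings
```

Only the process that chains credential access with a later outbound connection is reported; a program that merely reads a document and then uses the network is left alone.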
Examples of stealers: constant evolution to maintain effectiveness
The landscape of malware is constantly evolving, adapting and becoming more sophisticated to evade security defenses and maximize impact. Within this context, stealers stand out as a particularly insidious category. Over time, stealers have adopted new techniques and methods to enhance their performance and stealth. Some well-known examples of stealers include:
- RedLine Stealer. This malware specializes in stealing passwords stored in the browser and sending them to an external server controlled by cybercriminals.
- Bloody Stealer. Illustrates the stealth capabilities of stealers. It disguises itself within illicit tools purportedly designed to circumvent licensed software activation. Once installed, Bloody Stealer operates discreetly while harvesting user credentials.
- Infostealer. A generic term for a type of Trojan whose primary objective is to infiltrate computers and fraudulently steal confidential information from the owner.
- Remcos RAT. Although categorized as a Remote Access Trojan (RAT), Remcos can also be used to steal personal and financial information, since it lets attackers remotely access and control compromised systems.
- Pony Stealer (Fareit). Specializes in stealing credentials stored in web browsers or email clients, and is known for its high effectiveness in harvesting sensitive data.
- Zeus Trojan. Initially known as a banking Trojan, Zeus has also been adapted to operate as a stealer, capturing login information and user credentials while the user browses the web.
Risks to identity integrity or financial security
The consequences of a stealer infection can be devastating. By seizing our passwords and financial information, cybercriminals gain the key to access our bank accounts, social networks, and other online services. This can result in:
- Theft of money. With stolen bank credentials, criminals can make fraudulent transfers or purchases in our name.
- Identity theft (phishing). By accessing our social networks, attackers can impersonate us to deceive our contacts and obtain more information or money.
- Loss of control. By taking control of our online accounts, cybercriminals can change passwords, lock us out, and cause significant disruption to our digital lives.
All information stolen by stealers ends up in the clandestine credentials market, traded through platforms such as Telegram or dark web forums. There, cybercriminals buy and sell the stolen personal data, which is then used for various illicit purposes. Demand for stolen personal information is high because it is easily monetized in this digital black market. Protecting oneself against stealers and other cyber threats is therefore crucial not only for individual security but also to avoid inadvertently feeding this lucrative illegal data market.
Precautionary measures to prevent vulnerabilities
How can we protect ourselves from stealers and other types of malware? Is it inevitable that we will suffer such an attack sooner or later? Some basic measures can help keep us safe. Keep software and operating systems updated regularly, as updates often include security patches that fix the vulnerabilities stealers exploit. Use robust antivirus and anti-malware programs, which provide an additional layer of defense by detecting and blocking these programs before they can install and cause harm.
Using strong and unique passwords for each online account is another key aspect of security. Avoiding weak or easily guessable passwords helps prevent unauthorized access. Additionally, maintaining a vigilant approach towards suspicious emails and attachments is recommended, avoiding opening messages from unknown senders or clicking on links that may redirect to malicious sites. Downloading attachments only from trusted sources minimizes the risk of infection.
When browsing the internet, it’s advisable to avoid visiting websites with questionable reputations that may contain hidden stealers or other types of malware. Adopting these security practices can significantly reduce exposure to cyber risks and safeguard personal and financial information from online theft and fraud.
New threats on the horizon
The recent discovery of three new stealers (Acrid, ScarletStealer, and the Sys01 update) underscores that cybercriminals persist in adapting to technological changes and exploiting security gaps. The emergence of these new stealers highlights the need to remain vigilant and implement robust measures.
Stealers pose a genuine threat to our privacy and digital security. Understanding their operation and adopting appropriate precautions is crucial to protecting our sensitive data. It’s essential to remember that cybersecurity is a shared responsibility.