Infostealer malware on the rise: What to know to stay secure

Experts predict that malware attacks in 2021 will happen about every 11 seconds. Not only do cyberattacks occur multiple times every day, but hackers come up with new versions in record time. One new type of malware, known as infostealer malware, is on the rise, posing a significant threat to businesses of all sizes in various industries.

As a business owner, you know how crucial it is to keep your most valuable information secure. But if you’re not familiar with this type of malware, you may not know where to start. The good news is we’re here to provide answers and explain the importance of staying vigilant.

The first thing you need to know is how to recognize infostealer malware…

What Is Infostealer Malware?

As the name suggests, infostealer malware is a type of malicious software designed to steal sensitive and confidential information. This theft of information is the key function infostealers perform for cybercriminals. Although fairly new, infostealers have become one of the top 20 malware threats.

Examples of this type of malware can be found in…

  • The banking industry, where TrickBot and other malware include infostealer components
  • Spyware, where malicious software like Stalkerware hides on a network to obtain data and then transmits the stolen data directly to the hacker from the user’s hard drive
  • Backdoor malware that bypasses normal authentication procedures to gain unauthorized access to a network
  • Cryptostealer software that monitors infected computers for evidence of bitcoin transactions and then tricks the unsuspecting user into sending the bitcoin to the hacker’s wallet instead of the user’s intended endpoint

For practical purposes, a cyberattacker’s motive in injecting malware into an unsuspecting computer system is to make money from the information gathered.

Infostealer malware attacks businesses through phishing scams aimed at cloud-based email providers like Microsoft Office 365. Businesses can expect this trend to continue as long as cloud migration continues to swell to serve remote workers.

What Is Agent Tesla?

At this moment, your IT staff may find one variant in particular in 37% of spyware. The name of this infostealer is Agent Tesla. Agent Tesla is a RAT (remote access trojan) that steals credentials, keystrokes, and other information from its victims. The Agent Tesla RAT spreads using an ISO file attached to an email asking for a quotation. Agent Tesla changes its evasion techniques and shifts its data collection methods, making it harder to recognize. Its ability to evolve, however, also means that purchasers of this trojan may customize it to their needs.

Agent Tesla generally infects computers via a malicious payload or through infected documents (attachments) that the victim downloads to their system. Agent Tesla first appeared around 2014 and has evolved several times since then. No matter the version, Agent Tesla infects the user and sends the stolen information back over HTTP, SMTP, and FTP.

Agent Tesla also uses the web service components of MariaDB, Apache, and PHP with Server Message Block (SMB) open. Recent versions of Agent Tesla try to trick users into thinking the attachment is safe by including “PDF” in its file name.

Recent versions of this RAT appear to use the social media platform Telegram as an infection medium.
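The two delivery tricks described above (an ISO disk image attached to a quotation request, and “PDF” placed in the file name to make a non-PDF attachment look harmless) can be caught at the mail gateway before anyone opens them. The script below is an added example written for this article, not code from the original post or from IT Management Solutions. The extension lists, the sample attachment names, and the `triage_attachment` / `triage_attachments` function names are all constructed for the example; adjust the lists to your own mail-flow policy.

```python
import re
from pathlib import PurePosixPath

# Constructed policy lists for this example; tune them to your own mail-flow rules.
CONTAINER_EXTS = {".iso", ".img", ".vhd", ".vhdx"}
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".jse", ".vbs", ".bat", ".cmd",
                   ".msi", ".dll", ".ps1", ".lnk", ".hta"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".rtf"}


def normalise(filename):
    """Lower-case the name and drop whitespace runs so padding such as
    'quote.pdf          .exe' collapses to 'quote.pdf.exe'."""
    return re.sub(r"\s+", "", filename.lower())


def triage_attachment(filename):
    """Return the reasons an attachment name looks suspicious.
    An empty list means nothing in the name was flagged."""
    name = normalise(filename)
    suffixes = PurePosixPath(name).suffixes           # 'quote.pdf.iso' -> ['.pdf', '.iso']
    ext = suffixes[-1] if suffixes else ""
    stem = name[:len(name) - len("".join(suffixes))]  # everything before the suffixes
    reasons = []
    if ext in CONTAINER_EXTS:
        reasons.append(f"disk-image container sent as an attachment ({ext})")
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable attachment ({ext})")
    if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTS and ext not in DOCUMENT_EXTS:
        reasons.append(f"document extension hidden before the real one ({suffixes[-2]}{ext})")
    if "pdf" in stem and ext != ".pdf":
        reasons.append("'pdf' in the name but the extension is not .pdf")
    return reasons


def triage_attachments(filenames):
    """Return {name: reasons} for only the names that were flagged."""
    flagged = {}
    for name in filenames:
        reasons = triage_attachment(name)
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed sample attachment names for the demo, not real observed indicators.
SAMPLE_ATTACHMENTS = [
    "Quotation_Request.pdf",
    "Quotation_Request.pdf.iso",
    "RFQ-PDF-2021.iso",
    "purchase order.pdf        .exe",
    "price_list.xlsx",
]

if __name__ == "__main__":
    for name, reasons in triage_attachments(SAMPLE_ATTACHMENTS).items():
        print(f"{name!r}: {'; '.join(reasons)}")
```

A name check like this is cheap and catches the lure as described in the article, but it is only a first filter: a gateway should still block or sandbox disk-image and executable attachments outright, because a name that passes every rule here can still carry a malicious payload.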

What Is XLoader?

XLoader is related to the Formbook malware family. Though Formbook disappeared from sale on the dark web in 2018, XLoader appeared in February 2020 and is sold on the dark web to collect the following:

  • Credentials
  • Screenshots
  • Information gleaned from web browsers
  • Keystrokes

XLoader also executes additional malware. This infostealer attacks both Windows and Mac systems, and 53% of its victims were in the U.S. between December 1, 2020, and June 1, 2001.

The attacks on Mac systems are larger in scale than those of previously known versions, and they are more dangerous, too.

How Does Infostealer Malware Affect Businesses?

In recent years, malware has evolved to target organizations rather than individual consumers. After all, that’s where the real money is. During the height of the COVID-19 pandemic, hackers created thousands of fake Zoom sites, which tricked users into downloading malware disguised as video conferencing software. The other popular mode of infection is through unsecured Remote Desktop Protocol (RDP) ports, whose use grew rapidly during the pandemic as workers shifted to working from home.
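Two of the network-visible behaviours this article describes can be checked from ordinary firewall logs: RDP reaching internal hosts directly from the internet (the unsecured RDP ports mentioned above), and workstations talking SMTP or FTP to hosts other than the company mail relay (the channels Agent Tesla uses, per the earlier section, to send stolen data out). The script below is an added example written for this article, not code from the original post or from IT Management Solutions. The address plan (`INTERNAL_NETS`, `WORKSTATIONS`, `MAIL_RELAY`), the comma-separated log format, the sample log lines, and the `parse_log` / `find_findings` function names are all constructed assumptions; map them to your own exports.

```python
import ipaddress
from dataclasses import dataclass

# Assumed address plan for this example: tune to your own network.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WORKSTATIONS = ipaddress.ip_network("10.20.5.0/24")   # assumed client subnet
MAIL_RELAY = ipaddress.ip_address("10.20.1.25")       # assumed sanctioned SMTP relay
RDP_PORT = 3389
EXFIL_PORTS = {25: "smtp", 587: "smtp", 21: "ftp"}    # mail/FTP ports an infostealer can use

# Constructed firewall export (not real traffic): timestamp,src,sport,dst,dport,proto
SAMPLE_LOG = """\
2021-06-01T09:00:01Z,10.20.5.17,52311,10.20.1.10,445,tcp
2021-06-01T09:00:04Z,10.20.5.17,52318,203.0.113.45,587,tcp
2021-06-01T09:00:09Z,10.20.5.23,52401,198.51.100.8,21,tcp
2021-06-01T09:01:12Z,198.51.100.77,41002,10.20.5.30,3389,tcp
2021-06-01T09:01:30Z,10.20.5.40,52700,10.20.1.25,25,tcp
2021-06-01T09:02:00Z,10.20.5.40,52702,203.0.113.9,443,tcp
"""


@dataclass
class Conn:
    ts: str
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int
    proto: str


def parse_log(text):
    """Parse the comma-separated export into Conn records, skipping blank and comment lines."""
    conns = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, sport, dst, dport, proto = line.split(",")
        conns.append(Conn(ts, ipaddress.ip_address(src), int(sport),
                          ipaddress.ip_address(dst), int(dport), proto))
    return conns


def is_internal(addr):
    """True if the address falls inside one of our assumed internal ranges.
    ipaddress.is_private is deliberately not used here: it also treats the
    RFC 5737 documentation ranges used in the sample log as private."""
    return any(addr in net for net in INTERNAL_NETS)


def find_findings(conns):
    """Apply the two rules drawn from the article and return the hits in log order."""
    findings = []
    for c in conns:
        # Rule 1: RDP reaching an internal host straight from an external source.
        if c.dport == RDP_PORT and is_internal(c.dst) and not is_internal(c.src):
            findings.append({"rule": "exposed_rdp", "src": str(c.src),
                             "dst": str(c.dst), "ts": c.ts})
        # Rule 2: a workstation speaking SMTP/FTP to anything but the sanctioned relay.
        if c.src in WORKSTATIONS and c.dport in EXFIL_PORTS and c.dst != MAIL_RELAY:
            findings.append({"rule": f"workstation_{EXFIL_PORTS[c.dport]}_egress",
                             "src": str(c.src), "dst": str(c.dst), "ts": c.ts})
    return findings


if __name__ == "__main__":
    for f in find_findings(parse_log(SAMPLE_LOG)):
        print(f"{f['ts']} {f['rule']}: {f['src']} -> {f['dst']}")
```

The sanctioned-relay allow list is what makes rule 2 useful: once workstations are only permitted to reach the relay on mail ports, any other SMTP or FTP egress is worth a ticket. HTTP exfiltration, which the article also names, blends into normal web traffic and cannot be picked out by port alone; that needs proxy logs or content inspection rather than a firewall rule.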

There are several ways that the information illegally obtained by infostealer malware can affect your business…

  • Attacks on Microsoft Office 365 provide hackers with administrative control of all accounts and the domain.
  • Emotet started as a banking trojan but now has botnet capabilities and often downloads TrickBot or ransomware.
  • Infostealers search through business data, client data, and personal data that they find on the network, all without you knowing what’s happening. The theft of such data tends to become very expensive: the global average cost of a data breach is now around $3.86 million. Data breaches also hurt your business’s reputation and cause consumer distrust.
  • Infostealers often target a business’s bank account, which allows the malware to take money out of the account without your knowledge or consent.

Taking the Necessary Steps to Stay Secure

Malware is not going away anytime soon. Infostealer malware is just one of the latest tactics developed by cybercriminals to steal your information. If you want to make sure that your business’s sensitive financial information and your customers’ personal data remain safe, you must take proactive steps. Those steps include the following:

  • Following cybersecurity best practices
  • Updating software and operating systems with security patches as soon as they are received
  • Keeping work computer systems separate from personal computer systems
  • Training employees to spot phishing and other email scams
  • Keeping employees and managers aware of the latest cybersecurity threats

Don’t underestimate the importance of cybersecurity—not when your most valuable information is at stake. Learn about the network security services available from IT Management Solutions today. We’re here to secure your network and help your business grow.