What are infostealers?
Infostealers (information-stealing malware) are used to steal sensitive information, such as login details, financial information, and other personally identifiable information. The stolen information is then packaged, sent to the attacker, and typically traded to other cybercriminals.
When did infostealers first appear?
The history of infostealers is longer than you might think. Stealers have been observed in the wild for nearly two decades. Ever since “ZeuS,” also known as “Zbot,” first appeared in 2006, stealers have been in high demand across illicit communities and have been an effective weapon in the threat actor’s digital arsenal.
What information can infostealers get?
In general, infostealers are capable of stealing user login credentials, network details, browser data like history and autofill data, communication logs, and computer information.
- User credentials: usernames and passwords, browser login links, secret keys, 2FA backup codes, server passwords, Virtual Private Networks (VPNs) and File Transfer Protocol (FTP) details
- Browser data: browser history, search history, cookies, and autofill data, such as saved credit card numbers
- Communication data: messaging and email conversation logs
- Documents and text files: financial information, corporate data, crypto private keys and crypto wallets
- Computer information: including operating system details, metadata, Internet Protocol (IP) addresses, applications installed on the computer, anti-virus software used, and endpoint detection capabilities
- Images: including screenshots of the desktop taken by the malware
How do devices get infected with infostealers?
The most common ways devices get infected with infostealers include phishing, malicious downloads, malvertising and SEO poisoning, and malicious websites.
What are common signs of an infostealer infection?
How do I know if my devices or network have been compromised by infostealers?
While infostealers are designed to operate silently in the background, a few telltale indicators include unusual account activity, system performance changes, an increase in spam messages, browser issues like popups, and financial irregularities.
Infostealers in 2025

Flashpoint has observed a significant rise in the use and popularity of infostealers. These tools have contributed to the theft of over 1.8 billion credentials—an 800% increase over the last four months in 2025. This includes over a billion corporate and personal email accounts, passwords, cookies, and other sensitive data.
What are the top infostealers in 2025?
Flashpoint has identified several newly emerging information-stealing malware strains that have the potential to shape the threat landscape. Some of the newest infostealers in 2025 include Katz, Bee, Cyber, AURA, and Acreed.
How Can I Defend against Infostealer Attacks?
Infostealers are evolving and changing as they evade law enforcement agencies, making it critical for teams to stay up to date on the most current infostealers. So far, the Flashpoint Intelligence Team has seen stealers repurposed or duplicated as “new” strains after a takedown.
Security teams can also bolster their defenses through primary source threat intelligence, which enables them to uncover infection trends and act decisively before infostealers can be used against them.
Infostealer Threat Posture Assessment
- Is my organization actively monitoring online channels and communities where our stolen credentials are often shared?
- Do my security teams and third-party partners have plans in place to respond to infostealer infections and mitigate their impact?
- Is my Cyber Threat Intelligence team knowledgeable about the most prolific stealer strains and how they bypass security measures?
How Does Flashpoint Protect You Against Infostealers?
Flashpoint Fraud Intelligence incorporates detailed infostealer logs—giving users visibility into compromised credit card information, empowering faster and more accurate detection of fraud.
Here’s how Flashpoint Fraud Intelligence gives you an edge in credit card fraud prevention:
- Access to breach details: View breach information, including whether your organization has been affected, for a more detailed and actionable understanding of threats.
- Real-time detection and response: Help CTI and Fraud teams detect compromised data and respond quickly, reducing the time between data compromise and fraud detection.
- Monitor dark web activity: Track the movement of stolen credit card information as it surfaces in underground forums and marketplaces.
- Detect compromised credit cards earlier: Take action by canceling or blocking cards before fraud can occur.
- Enrich fraud detection algorithms: Improve your risk scoring and fraud detection systems by using Flashpoint to strengthen machine learning models.
To learn more about how Flashpoint’s intelligence platform can help you avoid a $5M attack, request a demo today.