Information stealer malware is a type of malicious software designed to collect sensitive information from a victim’s computer. Also known as info stealers, data stealers or data-stealing malware, this software is true to its name: after infecting a computer or device, it’s highly adept at exfiltrating login credentials, financial information and personal data.
Info stealers typically operate by monitoring keyboard input, capturing screenshots and intercepting network traffic. They may also search a hard drive for specific types of data. The stolen information is then exfiltrated to the attacker’s command-and-control (C2) server for further exploitation.
Information stealer malware has flourished on underground criminal networks. With extortion currently thriving, info stealer malware is also on the rise. Plus, info stealer services for financial fraud attacks are available on the dark web for as little as $200 per month.
Though this type of malware has been around in some form for over two decades, the ZeuS trojan was by far one of the most influential info stealers in that timeframe. Let’s take a look at the history of info stealers, and how this type of threat impacted cybersecurity then and now.
What Was the First Info Stealer?
One of the earliest known examples of a successful information stealer attack was the Melissa virus in 1999. One of the first highly successful email worms, Melissa spread rapidly through the use of infected Microsoft Word macros. The worm arrived in the form of an email with an attached document named “list.doc.”
When the recipient opened the attachment, the worm infected the victim’s computer and continued to spread. It replicated itself by sending infected emails to the first 50 contacts in the victim’s Microsoft Outlook address book. Experts categorize Melissa as an info stealer because, in addition to its worm-like behavior, it also accessed the victim’s email address book and harvested email addresses.
Harvesting information from the infected computer is a hallmark of info stealer malware. However, it’s worth noting that Melissa was primarily a self-replicating worm. The information-stealing capability was a secondary…