Infostealer Malware Market Booms, as MFA Fatigue Sets In
Malicious actors are finding success deploying information stealer (infostealer) malware, combining stolen credentials and social engineering to carry out high-profile breaches and leveraging multifactor authentication (MFA) fatigue attacks.

These were among the findings of a report from Accenture’s Cyber Threat Intelligence team (ACTI) surveying the infostealer malware landscape in 2022, which also noted a spike in the number of Dark Web advertisements for a variety of new infostealer malware variants.

The marketplace for compromised credentials is also growing, according to the report, which takes an in-depth look at a Russian market site used by malicious groups RedLine, Raccoon Stealer, Vidar, Taurus, and AZORult to obtain credentials for sale.

Paul Mansfield, cyber-threat intelligence analyst at Accenture, explains that the most important point to understand about the rise of infostealer malware is the threat it poses to corporate networks.

“There are many examples throughout 2022 of infostealer malware being used to harvest the credentials which serve as an entry point for further attacks,” he says.

For Mansfield, the most concerning finding from the report was the damage that can be done at such little cost to the threat actor.

“The malware generally costs around $200 for one month plus a few other minor additional costs,” he notes. “During that time, they can steal a high volume of credentials from around the globe, pick out the most valuable for targeted attacks — of which there have been several high-profile examples in 2022 — and sell the rest in bulk to marketplaces for others to do the same.”

Ricardo Villadiego, co-founder and CEO of Lumu, says the rise of infostealer malware is a consequence of the ransomware-as-a-service business (RaaS) model boom.

“There are as many variants of infostealers as people willing to pay for the code,” he explains. “The people behind infostealer malware attacks range from individuals with low technical skills to groups allegedly sponsored by governments.”

He adds that what those groups of people have in common is the interest in gathering sensitive data (personal data from their computers, including login credentials, bank account details,…
