Cyble Research Labs – Analysis Report of Stealer Malware Family

Over the past year, Cyble Research Labs has noticed extensive usage of “Stealer” malware by initial access brokers to compromise victims. These initial access brokers can trade the stolen credentials with other criminal groups, which can then launch targeted attacks on specific organizations. Stealers are designed to steal user credentials such as usernames, passwords, and cookies and send them to a server under the attacker’s control. The stolen information is then aggregated and sold to other interested criminal groups that can abuse this access for espionage, data theft, or even ransomware attacks. This report reveals the prevalence of stealer malware campaigns and evolving models.

Stealers or “info stealers” are malware variants belonging to the Trojan family. These are designed to steal user credentials such as usernames, passwords, and cookies and send them to a server under the attacker’s control. These attackers – also called “initial access brokers” – tend to use phishing campaigns to distribute such stealer malware and gather user credentials, system information, and even screenshots or data from their victims. The stolen information is then aggregated and sold to other interested criminal groups that can abuse this access for espionage, data theft, or even ransomware attacks.

Cyble has analyzed 50+ Stealer variants that are in circulation and are being widely used in various threat campaigns globally.

The top 10 Stealer variants are listed below:

RedLine
Bloody
Raccoon
Loki
Vidar
CopperStealer
Oski
KPOT
Mars
AZORult

[Figure: Top 10 Stealer Malware Variants]

About Us

Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the Darkweb. Its prime focus is to provide organizations with real-time visibility to their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Start-ups to Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit https://cyble.com.

