Cyble Research Labs – Analysis Report of Stealer Malware Family

December 14, 2021 · 2 min read

Over the past year, Cyble Research Labs has noticed extensive usage of “Stealer” malware by initial access brokers to compromise victims. These initial access brokers can trade these credentials with other criminal groups, launching targeted attacks on specific organizations. These are designed to steal user credentials such as usernames, passwords, and cookies and send them to a server under the attacker’s control. The stolen information is then aggregated and sold to other interested criminal groups that can abuse this access for espionage, data theft, or even ransomware attacks. This report reveals the prevalence of stealer malware campaigns and evolving models.

Stealers or “info stealers” are malware variants belonging to the Trojan family. These are designed to steal user credentials such as usernames, passwords, and cookies and send them to a server under the attacker’s control. These attackers – also called “initial access brokers” – tend to use phishing campaigns to distribute such stealer malware and gather user credentials, system information, and even screenshots or data from their victims. The stolen information is then aggregated and sold to other interested criminal groups that can abuse this access for espionage, data theft, or even ransomware attacks.

Cyble has analyzed 50+ Stealer variants that are in circulation and are being widely used in various threat campaigns globally.

The top 10 Stealer variants are listed below:

RedLine
Bloody
Raccoon
Loki
Vidar
CopperStealer
Oski
KPOT
Mars
AZORult
Top 10 Stealer Malware Variants

About Us

Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the Darkweb. Its prime focus is to provide organizations with real-time visibility to their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Start-ups to Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit https://cyble.com.
