Infostealer Market Booms on the Dark Web

Factors affecting the demand

• According to the ACTI report, the spike in such malware is primarily due to its ability to harvest cookies, usernames, and passwords.
• Adding to its demand are the cheap costs of several infostealer malware, allowing actors with few resources or little technical knowledge to afford it, who then deploy malware and access victims’ networks with much ease.
• The ACTI noted that the success of high-profile attacks (that were executed by combining stolen credentials and social engineering), combined with Malware-as-a-Service (MaaS) offerings, pushed the demand for infostealer malware up.

RedLine Stealer rules the market

• RedLine dominated the underground forums and was used in 56% of data breaches.
• RedLine, Raccoon Stealer, Vidar, Taurus, and AZORult were the prominent five infostealer malware used to harvest victims' data between July and October.

Aurora infostealer gains traction

• A recent development reveals that cybercriminals are increasingly adopting the Aurora malware to steal sensitive data from targeted systems.
• It is available for rent for $250 per month or for $1,500 with a lifetime license.
• The infostealer malware targets data stored in multiple web browsers (cookies, passwords, history, credit cards), and cryptocurrency browser extensions managing cryptocurrency wallets such as Electrum, Ethereum, Exodus, Zcash, Armory, Bytecoin, Guarda, Jaxx Liberty, and Telegram.

Other key highlights

• Among the new variants of malware sold on forums are META, Whisper, Gomorrah v5, Erbium, BlackIce, LummaC, Rhadamanthys, AcridRain, and Psigo. 
• Researchers predict that the sale of these new malware strains, combined with the availability of infostealer malware source code, will lead to increased sales of victim data on underground marketplaces.
• Between June and October, the highest number of victims were reported from India, Indonesia, and Brazil, owing to their population density.

End note