The Rise of Infostealers

Unlike ransomware, these threats don’t lock your files. They slip in, steal credentials, cookies, tokens, and browser data, then vanish. No noise. No ransom note. Just stolen access.

Stealers like Raccoon, Lumma, and Vidar are now sold as malware-as-a-service. No coding needed. Just pay, plug in, and start stealing. It’s fast, cheap, and dangerously effective.

The Rise of Information Stealers: The Silent Theft That’s Redefining Cybercrime

While ransomware still grabs the headlines, there’s another threat growing just under the radar. Information stealers have become one of the fastest-expanding forms of cyberattack, and they aren’t loud or flashy. They don’t lock up your files or demand a ransom. They just take and leave.

These malicious programs are designed to quietly collect stored browser credentials, cookies, autofill information, cryptocurrency wallet data, session tokens, and even screenshots. What makes them so dangerous is how fast and quietly they operate. In many cases, by the time a user suspects something’s wrong, the data is already exfiltrated, packaged, and sold on dark web marketplaces.

Dozens of info stealers now operate across the cybercriminal ecosystem. Stealers like Lumma, Raccoon, Vidar, and others are often sold as malware-as-a-service (MaaS), lowering the barrier to entry for threat actors. Even low-sophistication attackers - with little to no technical knowledge - can launch campaigns. They subscribe, configure a few options, and start harvesting credentials within hours. Just as SaaS revolutionised business, MaaS has reshaped cybercrime.

The IBM X-Force Threat Intelligence Index 2025 confirms this trend. It highlights a sharp rise in initial access attacks driven by credential theft - often linked to info stealer infections. These credentials are reused to escalate privileges, move laterally within networks, or sold to other actors looking for a shortcut into organisations. Sectors like finance, education, healthcare, and retail have all been prime targets.

Infection methods remain depressingly effective: fake browser extensions, poisoned Google Ads, Discord and Telegram file drops, phishing attachments - they all still work. And many stealers now come with evasion features, such as delayed execution until after system reboot, or stealth techniques to slip past antivirus solutions.

It’s a threat that often flies under the radar. Unlike ransomware, info stealers don’t throw up alarms or encryption banners. Often, the compromise isn’t detected until credentials are reused for account takeovers, or suspicious activity triggers a cloud platform alert.

This makes education and early detection more important than ever. Users must understand that not all malware announces itself. A fake software update might do more long-term damage than a ransomware splash screen if it grants quiet access to internal systems. Detection tools need to monitor for unusual login patterns and browser credential usage. And incident response plans must account for credential compromise - even in the absence of a full-blown breach.

Information stealers are now part of the standard attacker toolkit. That means they need to be part of the standard defender mindset too.

  • This Privacy Collection Notice describes how 59 Degrees North Pty Ltd (ABN 85 665 008 597)  (we, us or our) collects and handles your personal information when you make an enquiry with us. We collect personal information from you so that we can respond to your enquiry and for related purposes set out in our Privacy Policy, available on our website (or on request).  

    We may disclose this personal information to third parties, including our personnel, related entities, any third parties engaged by us and acting on our behalf and as otherwise set out in our Privacy Policy.  

    We store personal information in Australia. Where we disclose your personal information to third parties, those third parties may store, transfer or access personal information outside of Australia. 

    If you do not provide your personal information to us, it may affect our ability to do business with you. For example, if you do not provide your email address, we may not be able to respond to your inquiries or provide you with our services. 

    Please see our Privacy Policy for more information about how we collect, store, use and disclose your personal information, including details about overseas disclosure, access, correction, how you can make a privacy-related complaint and our complaint-handling process.  

    If you have questions about our privacy practices, please contact us by email at: contact@59n.com.au By providing your personal information to us, you agree to the collection, use, storage and disclosure of that information as described in this privacy collection notice. 

    Privacy Policy