A new report from Kaspersky shows that more than half of the devices (about 55%) targeted by password theft attacks in 2023 were infected with Redline malware, with Redline remaining the leading data theft malware and a global target for cybercriminals. Although the malware development market has expanded significantly over the past three years, new stealing programs such as Lumma have emerged.
Cybercriminals use stealth software to compromise devices, illegally obtain login credentials, and then sell them on underground markets, posing a significant threat to the security of personal and corporate systems.
According to information from log files distributed freely on the dark web, Redline was used in more than 51% of data theft incidents from 2020 to 2023. Other notable malware groups include Vidar (17%) and Raccoon (12%).
Analysts at Kaspersky's Digital Footprint Intelligence Service also detected around 100 different types of infostealers using metadata and log files between 2020 and 2023.
Distribution of data theft software:
The hidden market for malware specifically designed to steal data is growing, indicating the growing popularity of new theft programs, resulting in the share of infections caused by new theft programs increasing from 4% to 28% between 2021 and 2023.
The new malware (Lumma) is responsible for more than 6% of infections in 2023 alone.
“Lumma appeared in 2022 and gained popularity in 2023 thanks to the malware-as-a-service (MaaS) distribution model,” commented Sergey Scherbel, digital fingerprint intelligence expert at Kaspersky. Such as) intended. Without advanced technical knowledge, you can subscribe to pre-configured malware solutions and perform cyberattacks using this theft tool. “Lumma’s main goal is to steal credentials and other information from cryptocurrency wallets, which is typically distributed via email campaigns, spam, YouTube, and discord.”
Tips from Kaspersky experts:
To prevent connection-stealing malware, Kaspersky experts recommend using a comprehensive security solution for all personal devices, as it helps prevent infections and warn of risks such as suspicious websites or phishing emails that are often infected.
Companies can also help their users, employees, and partners protect themselves from threats by proactively monitoring for breaches and requiring users to change compromised passwords immediately.