infostealers

Tech Optimizer
March 27, 2025
A new strain of malware called CoffeeLoader targets Windows users by pretending to be an ASUS utility, specifically imitating ASUS's Armoury Crate. It has sophisticated evasion techniques that allow it to bypass antivirus software. Once installed, it deploys infostealers like Rhadamanthys Infostealer to extract sensitive information. CoffeeLoader operates undetected by executing code on the GPU instead of the CPU, using Call Stack Spoofing to disguise its activities, and employing Sleep Obfuscation to encrypt itself in memory when inactive. It also exploits Windows Fibers to evade detection. To protect against CoffeeLoader, users should download Armoury Crate only from the official ASUS website and be cautious of deceptive links and ads that may lead to malware installation.
Tech Optimizer
March 18, 2025
Malware peddlers are targeting users searching for free file converter services, as reported by the FBI’s Denver Field Office. Cybercriminals use deceptive websites that promise file conversion but may deliver malware, allowing unauthorized access to victims' computers and extracting personal identifying information (PII), banking details, and passwords. Users are advised to keep antivirus software updated and scan downloaded files. A list of flagged domains includes:
- Imageconvertors[.]com (Phishing)
- Convertitoremp3[.]it (Riskware)
- Convertisseurs-pdf[.]com (Riskware)
- Convertscloud[.]com (Phishing)
- Convertix-api[.]xyz (Trojan)
- Convertallfiles[.]com (Adware)
- Freejpgtopdfconverter[.]com (Riskware)
- Primeconvertapp[.]com (Riskware)
- 9convert[.]com (Riskware)
- Convertpro[.]org (Riskware)
Users affected by malware are encouraged to contact their financial institutions and change passwords.
Tech Optimizer
March 12, 2025
Infostealer malware has become a major cybersecurity threat, with around 25 million users targeted between early 2023 and the end of 2024. These malware variants capture sensitive information, including bank card details and passwords, with nearly 26 million devices affected during this period, resulting in over 2 million unique bank card details leaked. One in every 14 infections compromised bank card data, passwords, and second-factor authentication cookies. In 2024, infections increased significantly, with RisePro's share rising from 1.4% to 22.45% and Stealc from 2.65% to 13.33%. Redline remained the most prevalent infostealer, responsible for 34.36% of infections. By August 2024, an estimated 15.9 million devices had been affected in 2023, increasing to 16.49 million by March 2025. Over 9 million infections were tracked in 2024, with final counts expected to exceed those of 2023. To protect sensitive information, it is recommended to invest in robust antivirus software, use virtual cards for online transactions, set up transaction alerts and spending limits, avoid storing card details in browsers, use strong and unique passwords, and consider personal data removal services.
Tech Optimizer
March 3, 2025
Recent developments indicate that Mac users are facing an escalating threat from malware designed for macOS systems, particularly with the emergence of a strain called FrigidStealer. This malware spreads through deceptive browser update prompts on compromised websites, leading users to download a malicious DMG file that seeks elevated privileges to steal sensitive information. Cybersecurity firm Proofpoint has traced the operations of FrigidStealer to two threat actors: TA2726, a traffic distribution service provider, and TA2727, which delivers the malware. This campaign also targets Windows and Android devices, indicating a multi-platform strategy. Additionally, the rise of infostealer malware has compromised approximately 330 million credentials in 2024, with around 3.9 billion credentials circulating from infostealer logs. Users are advised to adopt protective measures, including being cautious of fake software updates, enabling two-factor authentication, using password managers, and exercising caution with downloads and links.
Tech Optimizer
February 28, 2025
As of 2025, there is an increase in malware threats targeting Apple laptops, particularly a revamped version of XCSSET, which can infiltrate Xcode projects and has enhanced capabilities that make it harder to detect. This malware employs advanced code scrambling techniques and disguises its true purpose by renaming code components. Once it infects a Mac, it embeds itself in system files and replaces the Launchpad shortcut with a counterfeit version that runs both the genuine Launchpad and the malware. XCSSET is capable of stealing sensitive information, including data from digital wallets and the Notes app, as well as gathering system information and files. It can be updated with new capabilities, increasing its data-stealing potential over time. To protect against such threats, users are advised to install strong antivirus software, be cautious with downloads and links, keep software updated, use strong and unique passwords, and enable two-factor authentication.
Tech Optimizer
February 11, 2025
Mac owners should be vigilant in 2025 due to a significant rise in macOS infostealers, as indicated by the State of Malware report from Malwarebytes. These infostealers can extract sensitive personal information, such as credit card details and passwords, putting Mac users at risk similar to Windows users. Notable infostealers like Poseidon and Atomic Stealer can target over 160 cryptocurrency wallets and compromise VPN configurations. Most macOS infostealers rely on user deception for installation, making user caution essential. Recommendations for protection include downloading software only from trusted sources, using robust antivirus software, verifying links from unknown sources, enabling two-factor authentication, and considering a password manager or VPN. Cybercriminals are increasingly targeting Macs as their popularity grows.