Invasion of the infostealers: meet the malware stealing your cookies

Threat actors are leveraging a tactic that gives them access to your accounts without already knowing your credentials and without triggering a multi-factor authentication challenge.

Web session hijacking through cookie theft is one of the most common techniques used to access your accounts.

This is done by leveraging infostealers, a form of malware that works its way onto your system to harvest your data.

How does it work?

A recent CyberArk blog post reveals the specific tactics and techniques infostealers use against their victims.

The report found that these techniques are not aimed at one individual. Instead, they are cast as widely as possible, at as broad an audience as the attacker can reach.

The primary infection methods that threat actors use in this context are phishing, malvertising, and software impersonation, where the malware poses as another program.

When a user opens an infected attachment or runs a trojanized download, the malware begins infecting the system.

The browser's application data, where cookies are stored, “doesn't need elevated privileges to access.” Therefore, infostealing malware can steal cookies without running as an admin, the report found.

From there, the collected data is sent to a server the threat actor controls, where it is reviewed.

Image: CyberArk

Infostealers are a specific type of malware – typically a Trojan that disguises itself as something benign in order to gather sensitive information.

The information stealers seek ranges from passwords to other login credentials. Commonly, infostealers are also searching for cookies.

By targeting your cookies, infostealers can obtain valuable information such as login credentials, session tokens, or browsing history. This allows threat actors to gain unauthorized access to individuals’ accounts, track online activities, and even impersonate them online.
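The attack the article describes, a stolen session cookie being presented from the attacker's machine while the victim's session is still live, leaves a characteristic trace in server-side logs: one session id used from two different clients within minutes. The following is an added example written for this page, not code from the article or from CyberArk; it parses a constructed log format (the `sid=... ip=... ua="..."` layout and the sample lines are assumptions), flags sessions whose cookie was replayed from a second client within a short window, and shows the mitigation a web application can apply: bind each session to a client fingerprint at login and answer a fingerprint change with a fresh MFA challenge rather than serving the request.

```python
"""Detecting and mitigating session-cookie replay (added example, not the article's code)."""
import hashlib
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed log format, assumed for this example (not any real server's default):
#   <ISO timestamp> sid=<session id> ip=<source address> ua="<User-Agent>"
LINE_RE = re.compile(r'^(\S+) sid=(\S+) ip=(\S+) ua="([^"]*)"$')

# Constructed User-Agent strings for the sample log.
UA_WIN = "Mozilla/5.0 (Windows NT 10.0) Chrome/122.0"
UA_LNX = "Mozilla/5.0 (X11; Linux x86_64) Firefox/123.0"


@dataclass(frozen=True)
class Request:
    ts: datetime
    session_id: str
    src_ip: str
    user_agent: str


def parse_line(line: str) -> Request:
    """Parse one log line in the constructed format above."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ts, sid, ip, ua = m.groups()
    return Request(datetime.fromisoformat(ts), sid, ip, ua)


def client_fingerprint(src_ip: str, user_agent: str) -> str:
    """Coarse client identity: source address plus User-Agent.
    Assumption: this is what the server bound the session to at login."""
    return hashlib.sha256(f"{src_ip}|{user_agent}".encode()).hexdigest()[:16]


def find_replayed_sessions(lines, window=timedelta(minutes=30)):
    """Return the session ids presented from two different clients within `window`.

    A legitimate user switching networks leaves a gap between the old and new
    client; a replayed cookie typically shows the victim and the thief
    interleaving within minutes, which is the pattern flagged here.
    """
    by_session: dict[str, list[Request]] = {}
    for line in lines:
        if line.strip():
            r = parse_line(line)
            by_session.setdefault(r.session_id, []).append(r)
    flagged = set()
    for sid, reqs in by_session.items():
        reqs.sort(key=lambda r: r.ts)
        for prev, cur in zip(reqs, reqs[1:]):
            fp_prev = client_fingerprint(prev.src_ip, prev.user_agent)
            fp_cur = client_fingerprint(cur.src_ip, cur.user_agent)
            if fp_prev != fp_cur and cur.ts - prev.ts <= window:
                flagged.add(sid)
                break
    return flagged


def needs_step_up(bound_fingerprint: str, req: Request) -> bool:
    """Server-side mitigation: the session was bound to a fingerprint at login.
    A request whose fingerprint differs should get a fresh MFA challenge instead
    of being served, so the cookie alone is not enough to act as the user."""
    return client_fingerprint(req.src_ip, req.user_agent) != bound_fingerprint


# Constructed sample log. Session abc123 is used by its owner (203.0.113.10) and,
# two minutes later, by a second client (198.51.100.7) that never logged in:
# the signature of a stolen cookie. ghi789 changes client with a 4.5-hour gap,
# which the window rule treats as a plausible network change.
SAMPLE_LOG = [
    f'2024-03-28T10:00:00 sid=abc123 ip=203.0.113.10 ua="{UA_WIN}"',
    f'2024-03-28T10:05:00 sid=abc123 ip=203.0.113.10 ua="{UA_WIN}"',
    f'2024-03-28T10:07:00 sid=abc123 ip=198.51.100.7 ua="{UA_LNX}"',
    f'2024-03-28T10:09:00 sid=abc123 ip=203.0.113.10 ua="{UA_WIN}"',
    f'2024-03-28T10:01:00 sid=def456 ip=192.0.2.5 ua="{UA_WIN}"',
    f'2024-03-28T10:20:00 sid=def456 ip=192.0.2.5 ua="{UA_WIN}"',
    f'2024-03-28T08:00:00 sid=ghi789 ip=203.0.113.22 ua="{UA_WIN}"',
    f'2024-03-28T12:30:00 sid=ghi789 ip=203.0.113.40 ua="{UA_WIN}"',
]

if __name__ == "__main__":
    print("sessions with a replayed cookie:", find_replayed_sessions(SAMPLE_LOG))
    bound = client_fingerprint("203.0.113.10", UA_WIN)
    thief = parse_line(SAMPLE_LOG[2])
    print("step-up required for second client:", needs_step_up(bound, thief))
```

The fingerprint here is deliberately coarse; production systems usually key on the client's network (an address prefix or ASN) rather than the exact address so that mobile users are not challenged on every hop, and pair this with short session lifetimes so a stolen cookie expires quickly even when no anomaly is caught.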

Implications for organizations

These infostealer attacks can have profound implications for companies and organizations worldwide.

Bad actors often buy credentials harvested by infostealers to sharpen their attacks on specific victims.

In a worst-case scenario, this gives bad actors unauthorized access to an organization's infrastructure, which they can then use to mount targeted supply chain attacks that pull in other companies as collateral.

Furthermore, stolen cookies could create attack vectors for ransomware groups, often leading to organizations' data being leaked on the dark web.

Direct financial theft can also occur when cybercriminals gain access to payment systems or crypto applications.

Meet the malware

CyberArk counted the infostealers downloaded in February 2024; the families observed included the following.

  • RisePro
  • RedLine
  • StealC
  • LummaC
  • Vidar

Each of the families above comes with its own tactics and techniques, and each succeeds to a different degree depending on the use case. Yet all infostealers pose a threat to the infrastructure of organizations.
