ISLAMABAD: A leading cybersecurity company has advised individuals to use a comprehensive security solution for their devices to avoid stealing of credentials and other information from cryptocurrency wallets.
Hafeez Rahman, Technical group manager at Kaspersky told Business Recorder that the malware development market continues to flourish with new stealers such as Lumma, for the last three years Redline still remains the dominant data-stealing malware used by cybercriminals. As per the latest finding of Kaspersky Digital Footprint Intelligence, 55% of devices targeted by password-stealer attacks in 2023 have been infected with the Redline malware.
In total, around 100 distinct infostealer types were identified by Kaspersky Digital Footprint Intelligence between 2020 and 2023 using metadata from log-files.
Infostealers infiltrate devices to illicitly obtain sensitive credentials such as logins and passwords, which are then peddled on the shadow market, posing significant cybersecurity threats to personal and corporate systems.
The underground market for data-stealing malware development is expanding, evident from the rising popularity of new stealers. Between 2021 and 2023, the portion of infections caused by new stealers grew from 4% to 28%. Specifically, in 2023, the new “Lumma” stealer alone was responsible for more than 6% of all infections.
“Lumma emerged in 2022 and gained popularity in 2023, through a Malware-as-a-Service (MaaS) distribution model. This means any criminal, even those without advanced technical skills, can purchase a subscription for a pre-made malicious solution and use this stealer to carry out cyberattacks. Lumma is primarily designed for stealing credentials and other information from cryptocurrency wallets, commonly spread through email, YouTube, and Discord spam campaigns,” Hafeez said.
To guard against data-stealing malware, individuals are advised to use a comprehensive security solution for any device. Companies can help their users, employees and partners protect themselves from the threat by proactively monitoring leaks and prompting users to change leaked passwords immediately, he added.
Copyright Business Recorder, 2024