Breaking the chain: How to disrupt cybercrime’s use of stolen data

The following article summarizes a recent SC webcast discussion between Host Paul Asadoorian and Ian Gray, VP of Intelligence at Flashpoint. They discussed how security teams can act on insights from Flashpoint's 2025 Global Threat Intelligence Report to proactively identify and neutralize real-world threats before they escalate.

The rise of information-stealing malware

Info stealers represent a sophisticated evolution in cybercrime, emerging as a potent threat to digital security. According to Gray, these malware strains have transformed from simple banking Trojans to complex data extraction tools.

Initially targeting financial websites around 2007, info stealers have expanded their capabilities to harvest comprehensive digital identities.

The shift began around 2015-2016, driven by improved cybersecurity measures and changing online payment landscapes. As credit card fraud became more challenging, cybercriminals pivoted to stealing entire digital profiles.

Gray noted that the COVID-19 pandemic accelerated this trend, with increased online transactions and remote work creating more opportunities for data theft.

How info stealers operate

Modern info stealers like RedLine and Lumma are designed to extract extensive digital information. They target browser data, including session tokens, cookies, autofill information, and login credentials.

Gray said these tools can bypass multi-factor authentication by stealing complete digital fingerprints, essentially creating a "fake ID" for online impersonation. The marketplace for stolen data has become increasingly sophisticated. Platforms like Russian Market sell comprehensive "logs" for as little as $10, allowing attackers to pre-order credentials for specific corporate networks or services.

The most prolific info stealer in 2024, RedLine, compromised nearly 10 million hosts by developing advanced techniques to circumvent browser security measures.
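Because a stolen session cookie lets an attacker skip the MFA prompt entirely, one practical detection is to fingerprint the client that first used each session and alert when the same cookie later arrives from a different browser or network. The following is an added, constructed example written for this summary (not code from Flashpoint or the webcast); the log records, session IDs and fingerprint rule are assumptions.

```python
"""Detect replay of a stolen browser session from a different client.

Info stealers exfiltrate session cookies, so the attacker reuses a token
that has already passed MFA. This constructed detector records the client
fingerprint seen when a session is first observed and flags later requests
whose fingerprint no longer matches.
"""

# Constructed sample of web-server access records (documentation IP ranges).
SAMPLE_LOG = [
    {"ts": 1000, "session": "s1", "ip": "203.0.113.10", "ua": "Firefox/128 (Windows)", "user": "alice"},
    {"ts": 1040, "session": "s1", "ip": "203.0.113.10", "ua": "Firefox/128 (Windows)", "user": "alice"},
    # the same cookie replayed from a different network and a different browser
    {"ts": 1300, "session": "s1", "ip": "198.51.100.7", "ua": "Chrome/126 (Linux)", "user": "alice"},
    {"ts": 1400, "session": "s2", "ip": "192.0.2.5", "ua": "Safari/17 (macOS)", "user": "bob"},
    # network changed (roaming is common) but the browser is unchanged
    {"ts": 1450, "session": "s2", "ip": "198.51.100.40", "ua": "Safari/17 (macOS)", "user": "bob"},
]


def fingerprint(rec):
    """Client fingerprint: user agent plus the /24 of the source address."""
    prefix = ".".join(rec["ip"].split(".")[:3])
    return (rec["ua"], prefix)


def detect_session_replay(records):
    """Return alerts for sessions reused from a client whose fingerprint
    differs from the one seen when the session was first observed.

    A user-agent change is always flagged as high severity; a bare network
    change is reported at low severity, since mobile and VPN clients change
    addresses legitimately."""
    first_seen = {}
    alerts = []
    for rec in sorted(records, key=lambda r: r["ts"]):
        sid = rec["session"]
        fp = fingerprint(rec)
        if sid not in first_seen:
            first_seen[sid] = fp  # bind the session to its first client
            continue
        ua0, net0 = first_seen[sid]
        ua, net = fp
        if ua != ua0:
            alerts.append({"session": sid, "user": rec["user"], "ts": rec["ts"],
                           "severity": "high", "reason": "user-agent changed"})
        elif net != net0:
            alerts.append({"session": sid, "user": rec["user"], "ts": rec["ts"],
                           "severity": "low", "reason": "network changed"})
    return alerts


if __name__ == "__main__":
    for alert in detect_session_replay(SAMPLE_LOG):
        print(alert)
```

In production the fingerprint would come from the web server or identity provider's access logs, and a high-severity hit should trigger session revocation and a forced re-authentication for the affected user.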

Defending against the threat

Gray recommended a multi-layered defense strategy. This includes implementing robust multi-factor authentication, using endpoint detection systems, and maintaining strict cyber hygiene.

He emphasized the importance of being cautious about downloaded software, avoiding cracked applications, and monitoring network access.

International law enforcement has begun disrupting these operations through coordinated takedowns like Operation Magnus, which shut down RedLine.

However, the cat-and-mouse game continues, with cybercriminals quickly rebuilding and adapting their infrastructure after each disruption.

Bill Brenner

InfoSec content strategist, researcher, director, tech writer, blogger and community builder. Senior Vice President of Audience Content Strategy at CyberRisk Alliance.
