Kaspersky, a Russian multinational cybersecurity and anti-virus services and solutions provider, has raised new concerns about rising trends in the malware development market: new stealers such as Lumma are emerging, while Redline remained the dominant data-stealing malware used by cybercriminals.
The latest findings from Kaspersky Digital Footprint Intelligence showed that more than half of all devices (55%) targeted by password-stealer attacks in 2023 had been infected with the Redline malware.
The company reports that infostealers infiltrate devices to illicitly obtain sensitive credentials such as logins and passwords, which are then peddled on the shadow market, posing significant cybersecurity threats to personal and corporate systems.
According to information from log-files traded or distributed freely on the dark web, Redline was used in 51% of infostealer infections from 2020 to 2023 while other malware families included Vidar (17%) and Raccoon (nearly 12%).
The report further showed that, in total, Kaspersky Digital Footprint Intelligence identified around 100 distinct infostealer types between 2020 and 2023 using metadata from log-files. The underground market for data-stealing malware development is also expanding, as is evident from the rising popularity of new stealers.
Specifically, the report indicated that between 2021 and 2023, the portion of infections caused by new stealers grew from 4% to 28% and that in 2023, the new “Lumma” stealer alone was responsible for more than 6% of all infections.
Kaspersky further clarified that Lumma emerged in 2022 and gained popularity in 2023 through a Malware-as-a-Service (MaaS) distribution model, which means that any criminal, even one without advanced technical skills, can purchase a subscription for a pre-made malicious solution and use this stealer to carry out cyberattacks.
Commenting on the growing threats of the malware, an expert at Kaspersky Digital Footprint Intelligence, Sergey Shcherbel, said: “Lumma is primarily designed for stealing credentials and other information from cryptocurrency wallets, commonly spread through email, YouTube, and Discord spam campaigns.”
Kaspersky further recommended: “To guard against data-stealing malware, individuals are advised to use a comprehensive security solution for any device. This will help prevent infections and alert them to dangers, such as suspicious sites or phishing emails that can be an initial vector for infection.
“Companies can help their users, employees and partners protect themselves from the threat by proactively monitoring leaks and prompting users to change leaked passwords immediately”, it added.