Beware of infostealers on Black Friday and Christmas

Malicious actors will use infostealers on Black Friday and Christmas to infiltrate companies at a critical time for their operations, as there will be much more traffic to retail websites and victims will be more willing to click on emails, SMS messages, and advertisements.
At the end of May, Europol announced it had dismantled the complex ecosystem of Lumma Stealer, one of the most damaging infostealers in recent years. The operation dismantled Lumma Stealer’s technical infrastructure, which included a marketplace for selling stolen information.
Despite this, months later, cybersecurity experts detected that the malicious actors behind Lumma Stealer had resumed their operations, albeit without the success of yesteryear, after the identities of key members of the group were exposed.
Lumma Stealer, like other infostealers, allows sensitive data stored on infected devices to be obtained, including software access credentials, financial information, and personal customer data. To do this, the program must remain undetected by the victim for as long as possible. Why do malicious actors resort to using infostealers? They allow them to obtain critical information that can be sold or used to launch new attacks against their victims or their customers.
1. The rise of infostealers
This type of malware is experiencing a new boom. That is why it is essential to be alert to the possibility of infostealers being used on Black Friday and Christmas to attack companies at the most critical time of the year for many of them.
In fact, many criminal groups are shifting their criminal business model towards the use of infostealers. Why? The latest data shows that ransomware attacks have decreased as fewer companies are willing to pay ransoms, a practice that experts and authorities discourage.
As a result, in recent months, technically sophisticated infostealer attacks such as Vidar 2.0 or the latest version of Atomic macOS have been detected, leveraging a Malware-as-a-Service business model that enables thousands of potential criminals to launch attacks at low cost and without extensive knowledge or resources.
Below, we explain why companies must address the threat posed by infostealers on Black Friday and Christmas.
2. Who is targeted by infostealers and how do they infect their victims’ devices?
The use of infostealers is common across all sectors; no company is safe. That is why we must insist that companies selling products online pay close attention to infostealers on Black Friday and Christmas. Otherwise, they expose themselves to malicious actors, who gain access to their e-commerce sites and obtain information about their sales, finances, and customers.
As for the victims of infostealers, it is important to note that no professional is safe. However, specific campaigns targeting software developers or sales managers have been detected.
To infect their victims’ devices, malicious actors either try to trick them into performing actions they shouldn’t or exploit vulnerabilities in the software and equipment used by companies or professionals who use personal devices for work.
This issue is particularly critical during Black Friday or Christmas, as victims are more likely to click "where they shouldn’t" and thus execute the infostealer. In addition, there is a significant increase in the use of credentials on online shopping platforms.
In other words, as is often the case in cybersecurity, social engineering plays a key role.
In recent months, campaigns spreading infostealers have been reported, using techniques such as fake job offers, malvertising on search engines like Google, and fake videos on social media that use the ClickFix technique. What is the goal? To get company professionals to execute a command or download a malicious file or program without being aware of it.
The use of generative AI has allowed malicious actors to scale increasingly extensive and realistic campaigns that do not arouse suspicion and serve to deceive professionals.
In addition to all this, we must also consider that many professionals use personal devices to access corporate software, and that their credentials are stored on those devices. In most cases, these devices fall outside the purview of cybersecurity managers and are therefore more vulnerable to attacks.

3. What information can malicious actors obtain thanks to infostealers?
Not all infostealers are used to collect the same type of data, but among the information that malicious actors seek in the companies they attack, we can highlight:
- Information about bank accounts and credit cards used by customers to purchase products in e-commerce or contract services online.
- Credentials for accessing corporate software stored in browsers: e-commerce, management programs, email managers, social media platforms, etc.
- Authentication cookies and keys for illegitimate access to programs that require two-factor authentication.
- The browsing history of their victims.
- Screenshots of infected devices.
- Credentials to access a company’s VPN.
- Files downloaded to the attacked computers.
This allows malicious actors to:
- Obtain critical information about a company’s commercial and financial activity and its intellectual and industrial property.
- Obtain personal and financial data for the business’s customers.
How can this wealth of information be used?
- Use it to launch social engineering campaigns and digital fraud against consumers.
- Impersonate a company or professional to commit fraud.
- Sell it to competitors of the attacked company.
- Sell the data through malicious marketplaces on the Dark Web.
- Use it to launch other attacks against the target company, such as deploying ransomware or other malicious programs that undermine its operations.
- Disrupt a company’s operations by taking control of key programs, for example by modifying e-commerce orders or manipulating emails received or sent from an email manager.
4. Why we should pay attention to the threat of infostealers on Black Friday and Christmas
A recent study estimates that infostealers are present in 35% of threats that can cause service disruptions for companies.
This data highlights the importance of companies having strategies in place to avoid the significant financial losses that infostealers can cause on Black Friday and Christmas. This is especially true for companies with e-commerce and those that launch ambitious marketing campaigns in the last weeks of the year.
Paradoxically, in many businesses, the exact opposite occurs. As the number of e-commerce transactions increases, so does the carelessness of professionals, and malicious actors have more opportunities to infect personal and corporate devices.
In addition, the increase in transactions also makes the use of infostealers on Black Friday and Christmas more attractive to cybercriminals. This is because they can obtain a greater volume of critical information: customer lists, consumers’ personal and financial data, information on commercial strategy, etc.

5. How can companies combat infostealers on Black Friday and Christmas?
Given what we have discussed, it is clear that we cannot lose sight of infostealers on Black Friday and Christmas, as malicious actors have much to gain by accessing business software and companies have much to lose.
How can businesses prepare to deal with infostealers on Black Friday and Christmas? This task involves basic security measures and investment in cybersecurity services. Companies should therefore:
- Implement multi-factor authentication for corporate account access, requiring multiple devices, for example a work computer and a mobile phone.
- Limit each user’s security permissions so that each employee can only access the information they need to do their job.
- Train employees and enhance the organization’s ability to defend against social engineering campaigns through courses and tests that simulate realistic attacks.
- In a situation where, thanks to information provided by an infostealer, a malicious actor gains access to corporate services, it is critical that these services receive:
  - Continuous web security audits, especially in e-commerce. This allows vulnerabilities to be detected before they are exploited and the presence of malicious activity in a company’s infrastructure to be verified as soon as possible.
  - Penetration testing services to check which vulnerabilities could be exploited by malicious actors to access corporate software and obtain critical information about a company and its customers.
- When it is too late to avoid the impact, it is essential to have a proactive incident response service that can act immediately when malware is detected to contain its spread, limit the information that criminals have been able to access, and expel them.
6. Conclusion
In short, although ransomware has captured the public’s attention in recent years, attacks with infostealers have remained constant, and, given the decline of ransomware, many Malware-as-a-Service models are betting on this type of malicious program.
As a result, the use of infostealers on Black Friday and Christmas poses a major threat to hundreds of thousands of companies that generate a large part of their sales at this time of year.
Why? Infostealers allow malicious actors to obtain the data they need to access commercially and financially critical programs and documents. The most important sales campaign can become a disastrous moment for a company that falls victim to an infostealer.