Infostealer malware is rapidly gaining popularity in cybercrime, particularly within the malware-as-a-service (MaaS) sector. These programs are built to remain undetected while they harvest user information from infected devices and transfer it to the attacker's command-and-control servers.
An analysis of over 19.6 million infostealer logs has revealed a trend: cybercriminals prioritize the theft of financial and corporate data over conventional logs. These prized logs sell at an average price of $112, compared with $15 for other log categories.
The examination of these logs produced several noteworthy findings. More than 376,000 logs contained credentials for widely used business applications such as Salesforce, HubSpot, AWS, GCP, Okta domains, and DocuSign. In addition, over 200,000 logs contained OpenAI credentials, representing 1% of the total logs analyzed.
Gmail credentials appeared in 46.9% of the total logs, an indication of how far information-stealing malware reaches, potentially affecting over 8 million devices.
The origins of these logs predominantly trace back to the Russian market and VIP Telegram channels, underscoring the global nature of this cyber threat.
The report classifies the logs into three tiers based on the type of credentials and access they provide. Tier 1 encompasses access to corporate and business applications, including CRM, RDP, VPN, and SaaS credentials, which are often exploited to widen access before being sold on top-tier dark web forums.
Tier 2 encompasses infected devices and banking credentials, frequently used by threat actors to steal funds from consumer accounts. Tier 3 covers consumer applications and lower-value credentials, such as those associated with VPN applications and streaming services, often sold for $10 to $15 per log file.
Flare has released a comprehensive report on this infostealer landscape, with detailed insights into log classification and related information.