
A Quick Look at Common Malware Families

What is an Infostealer?

An infostealer is malware built to harvest data that is already stored on an infected machine, such as saved browser passwords, cookies and session tokens, autofill and payment details, cryptocurrency wallets and basic system details, and send it to the operator. Unlike ransomware or viruses that cause obvious damage, infostealers are silent and fast, often completing their task in seconds before deleting themselves or going dormant.


Common Infostealer Families

Here are some of the most active and widespread infostealer malware families:

  • Raccoon: Easy to use and sold as Malware-as-a-Service (MaaS); known for stealing saved credentials and browser autofill data.
  • RedLine: Highly popular, often spread through fake software installers and phishing; steals passwords, cookies and crypto wallets.
  • Vidar: Lightweight but capable; sold on underground forums and often bundled with cracked software.
  • Lumma: Known for rapid updates and for targeting Chromium-based browsers and browser-based password manager extensions.
  • Meta: Marketed as an improved successor to RedLine in some markets, focusing on password theft and session hijacking.
  • Aurora: A newer stealer with loader capabilities, often used to deliver further malware after the initial theft.


Spotlight: The RedLine Stealer. This is one of the most prolific infostealers in circulation today. First appearing in 2020, it is widely used by cybercriminals due to its low cost, ease of use and effective capabilities.


What It Steals

  • Saved browser credentials
  • Cookies and session tokens (replayed to bypass logins, including ones protected by MFA)
  • Credit card data saved in browsers
  • Crypto wallet files and browser extensions
  • System information (IP address, OS, installed antivirus)


How It Spreads

  • Phishing emails with malicious attachments
  • Fake installers for popular software (e.g., cracked apps or games)
  • Malvertising (malicious ads) on sketchy websites
  • Discord and Telegram spam bots sharing links


What Makes It Dangerous?

  • Quick exfiltration: Data is typically collected and sent out within seconds of infection, often before any alert fires.
  • Credential resale: Stolen data is packaged into "logs" and resold on dark web marketplaces, so one infection can feed many later attacks.
  • Ongoing access: A stolen session cookie can be replayed to reach company systems without the password or an MFA prompt, for as long as the session stays valid.


How to Protect Yourself

  • Avoid downloading cracked software or clicking on suspicious links.
  • Use reputable antivirus and endpoint detection tools.
  • Enable multi-factor authentication, and keep session lifetimes short so a stolen cookie stops working quickly.
  • Educate employees on phishing and social engineering.
  • Regularly scan for your credentials in stealer logs using services like Selki or Have I Been Pwned.


If you suspect an infostealer infection or have found your credentials in a stealer log, act immediately: change the exposed passwords (and anywhere they were reused), sign out of all active sessions so stolen cookies stop working, rotate any API keys or wallet secrets that were stored on the machine, and clean or reimage the infected device before signing back in, since a machine that is still infected will simply leak the new credentials.
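The response steps above (finding exposed credentials in a stealer log, rotating passwords, revoking sessions) are easy to do badly by hand. The Python below is an added example, not part of this article or of any vendor tool: it parses a constructed stealer log in the URL/Username/Password block layout that RedLine-style dumps are commonly reported to use, plus a Netscape-format cookie export (both layouts and the corporate domain list are assumptions), and turns them into a worklist: accounts to rotate with corporate ones first, hosts that share a single leaked password, and cookies still inside their expiry that must be revoked rather than ignored.

```python
"""Offline triage of a stealer log: which accounts to rotate, which sessions to revoke."""
from __future__ import annotations

import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample. The "URL:/Username:/Password:" block layout mirrors how RedLine-style
# password dumps are commonly reported to look; treat it as an assumption, real builds vary.
SAMPLE_PASSWORDS = """\
URL: https://mail.example-corp.com/login
Username: alice@example-corp.com
Password: Winter2024!
Application: Google Chrome
===============
URL: https://github.com/login
Username: alice-dev
Password: hunter2
Application: Google Chrome
===============
URL: https://shop.example.net/account
Username: alice@gmail.com
Password: Winter2024!
Application: Microsoft Edge
===============
"""

# Fixed "now" so the run is deterministic; real code would use time.time().
NOW = 1_700_000_000

# Constructed sample in Netscape cookie-file layout (tab-separated: domain, include-subdomains,
# path, secure, expiry, name, value), which many stealers use for cookie dumps (assumption).
SAMPLE_COOKIES = "\n".join([
    "# Netscape HTTP Cookie File",
    f".example-corp.com\tTRUE\t/\tTRUE\t{NOW + 7 * 86400}\tSESSIONID\tabc123",
    f"github.com\tFALSE\t/\tTRUE\t{NOW - 3600}\tuser_session\texpired999",
    f"login.example-corp.com\tFALSE\t/\tTRUE\t{NOW + 30 * 86400}\tsso_session\tpersist456",
])

# Hypothetical list of domains the responder treats as corporate (assumption).
CORPORATE_DOMAINS = {"example-corp.com"}

PASSWORD_FIELDS = {"URL", "Username", "Password", "Application"}


def parse_passwords(text: str) -> list[dict[str, str]]:
    """Split the dump into records on separator lines of '=' and keep the known fields."""
    records = []
    for chunk in re.split(r"^=+\s*$", text, flags=re.MULTILINE):
        entry = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(":")
            if sep and key.strip() in PASSWORD_FIELDS:
                entry[key.strip().lower()] = value.strip()
        if "url" in entry and "username" in entry:
            records.append(entry)
    return records


def parse_cookies(text: str, now: int) -> list[dict]:
    """Parse Netscape-format cookie lines. Expiry 0 means a browser-session cookie, which the
    server may still accept, so it is treated as live rather than discarded."""
    cookies = []
    for line in text.splitlines():
        parts = line.split("\t")
        if line.startswith("#") or len(parts) != 7:
            continue
        domain, _, _, _, expiry, name, value = parts
        exp = int(expiry)
        cookies.append({"domain": domain.lstrip("."), "name": name, "value": value,
                        "expiry": exp, "live": exp == 0 or exp > now})
    return cookies


def in_scope(host: str, domains: set[str]) -> bool:
    """True if host is one of the given domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def triage(passwords: list[dict], cookies: list[dict], corporate: set[str]) -> dict:
    """Build the response worklist: accounts to rotate (corporate first), password-reuse
    groups (one leaked password unlocks every host in the group), and live cookies to revoke."""
    by_password: dict[str, set[str]] = defaultdict(set)
    rotate = []
    for rec in passwords:
        host = urlparse(rec["url"]).hostname or ""
        by_password[rec["password"]].add(host)
        rotate.append({"host": host, "username": rec["username"],
                       "corporate": in_scope(host, corporate)})
    rotate.sort(key=lambda r: (not r["corporate"], r["host"]))
    reused = sorted(sorted(hosts) for hosts in by_password.values() if len(hosts) > 1)
    revoke = [c for c in cookies if c["live"]]
    revoke.sort(key=lambda c: (not in_scope(c["domain"], corporate), c["domain"]))
    return {"rotate": rotate, "reused_password_groups": reused, "revoke_sessions": revoke}


if __name__ == "__main__":
    report = triage(parse_passwords(SAMPLE_PASSWORDS), parse_cookies(SAMPLE_COOKIES, NOW),
                    CORPORATE_DOMAINS)
    for r in report["rotate"]:
        print(f"ROTATE  {'[corp] ' if r['corporate'] else ''}{r['username']} @ {r['host']}")
    for hosts in report["reused_password_groups"]:
        print(f"REUSED  same password at: {', '.join(hosts)}")
    for c in report["revoke_sessions"]:
        print(f"REVOKE  {c['name']} for {c['domain']} (valid until {c['expiry']})")
```

Two design points worth noting: the expired GitHub cookie is dropped from the revoke list but its account still appears in the rotate list, because the password was stolen even if the session was not; and the reuse grouping is there because a password leaked from a shopping site unlocks the corporate mailbox when the same string was used at both, which is exactly what stealer-log buyers try first.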

Updated on: 07/08/2025
