Infostealers on the rise

Cyber criminals are constantly devising new ways to get hold of our data. For example, via email, chat, and telephone. But also via your laptop or computer, for example when downloading (new) software or an application. Attackers can send malicious software, ask you to fill in or copy something via an intermediate step (such as Captcha), or send you to a 'fake' environment. Infostealers are new to the game. They are increasingly used by cyber criminals and are difficult to recognize.

Infostealers collect your data

Infostealers are a type of malicious software that cyber criminals use to steal personal information from your computer or device. Once installed on your device, the malware collects sensitive information without your knowledge and sends it to the criminals. They can cause enormous damage if not detected in time.

What kind of information do infostealers collect?

Infostealers target various types of sensitive information:

• Login details: Usernames and passwords for email accounts or social media.
• Financial details: Credit card numbers, bank details, and information about cryptocurrency wallets.
• Personal details: Information such as your name, address, phone number, or social security number.
• System information: Data about your device's hardware, installed software, and security programs.

How infostealers end up on your device

Infostealers can get onto your device in various ways, often without you even noticing:

• Phishing emails: Emails that look like they come from a trusted source but contain a malicious link or attachment. If you click on it, the malware is installed.
• Malicious websites: By clicking on a link to an infected website or via malvertising (malicious advertisements), you can download malware without noticing. Even a trusted website can be hacked to spread malware.
• Illegal software: Downloading illegal software carries significant risks. These packages are often infected with malware.
• Software vulnerabilities: Some infostealers exploit security flaws in outdated software or browsers to infect your device.

How can you recognize infostealers?

Are you being asked to perform an action on a website because you cannot access the website otherwise, or do you not trust a website or email? Report this as soon as possible to the service desk at your institution

Infostealers are designed to work unnoticed when they are active. If your login details have been stolen, they will try to strike. These are signs to look out for:

• If you receive a message stating that you must log in urgently and are asked to do so via a link in the email/text message (phishing).
• Unexpected emails, social media messages, or transactions on your bank account. Messages from “acquaintances” that are strange/different than usual or that you do not expect.
• If you receive a message asking you to use your second factor (MFA) again, without you being logged in.

If you recognize these signs, take immediate action and scan your device for malware and/or disconnect your device from the internet. If this happens on a device belonging to your institution, report it as soon as possible.

What can you do to protect yourself against infostealers?

• Use multiple factors to log in (Multi-factor authentication (MFA): This adds an extra layer of security, requiring you to enter an SMS code in addition to your password. Sometimes you have to enable this yourself in your social media accounts.

• Update your software regularly: Make sure your computer and antivirus software are up to date.

• Log in by searching for the website yourself: If you are asked to log in, do not do so via the link in the email, but go to the official page.

• Be careful with emails: Do not open suspicious attachments or click on unknown links, especially if the sender is unknown to you.

• Avoid illegal software: Use legal software and only download software from reliable platforms.