Redline reigns as most prevalent data-stealing malware, Kaspersky finds

Woburn, MA – April 9, 2024 – More than half of all devices (55%) targeted by password-stealer attacks in 2023 were infected with the Redline malware, Kaspersky Digital Footprint Intelligence has found. As the malware development market continues to flourish with new stealers, such as Lumma, for the last three years Redline still remains the dominant data-stealing malware used by cybercriminals.

According to information gleaned from log files traded or distributed freely on the dark web, Redline was used in 51 percent of infostealer infections from 2020 to 2023. Other notable malware families included Vidar (17%) and Raccoon (nearly 12%). In total, around 100 distinct infostealer types were identified by Kaspersky Digital Footprint Intelligence between 2020 and 2023 using metadata from log files.

The underground market for data-stealing malware development is expanding, evident from the rising popularity of new stealers. Between 2021 and 2023, the portion of infections caused by new stealers grew from four to 28 percent. Specifically, in 2023, the new “Lumma” stealer alone was responsible for more than six percent of all infections.

The changes in popularity of the three most widespread stealers during 2020-2023. Source: Kaspersky Digital Footprint Intelligence

“Lumma emerged in 2022 and gained popularity in 2023, through a Malware-as-a-Service (MaaS) distribution model,” Sergey Shcherbel, expert at Kaspersky Digital Footprint Intelligence. “This means any criminal, even those without advanced technical skills, can purchase a subscription for a pre-made malicious solution and use this stealer to carry out cyberattacks. Lumma is primarily designed for stealing credentials and other information from cryptocurrency wallets, commonly spread through email, YouTube, and Discord spam campaigns.”

Infostealers infiltrate devices to illicitly obtain sensitive credentials such as logins and passwords, which are then peddled on the shadow market, posing significant cybersecurity threats to personal and corporate systems. In light of this growing threat, Kaspersky has launched a dedicated landing page to raise awareness of the issue and provide strategies for mitigating associated risks.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.