'Infostealers': the silent threat that could infect your computer
The biggest threats are those we don't know exist, which is why many cybercriminals always try to keep them under a veil of secrecy.
And one of their most effective, and feared, tools is infostealers: a term that encompasses all malware designed to steal confidential information from an infected system. We're talking about programs specifically made to collect sensitive data, such as passwords, credit card numbers, banking information, personal identification data, and other types of private information.
Once a system is compromised by an infostealer, the malware collects this data and sends it to the attacker for use in matters such as identity theft, financial fraud, or other types of cybercrime.
And this is a growing threat, as the cybersecurity company ESET warned in an article from early 2025. Google also highlighted the threat of infostealers in its Cybersecurity Forecast 2025 report, which also discusses the use of artificial intelligence to carry out cyberattacks and the imminent arrival of post-quantum cryptography.
Similarly, the cybersecurity company Kaspersky published a report entitled The Changing Landscape of Infostealer Threats, in which it warned that this malware “has become one of the most widespread cyber threats, attacking millions of devices worldwide and compromising sensitive personal and corporate data.”
The report added that “cybercriminals continue to refine their methods, while defense systems must stay ahead of the curve through improved detection and response strategies.”
“The main danger of infostealers is their discretion,” says Martina López, a cybersecurity researcher at ESET Latin America. “Infostealers operate silently and can extract all the information stored on a victim’s computer in just a few seconds.” This significant haul, according to the expert, allows these cybercriminals not only to access personal or corporate accounts, but also to carry out financial transactions, or even sell the data on the dark web.
It is also a persistent threat, as certain families of infostealers incorporate automatic update mechanisms, allowing them to remain active even after the device is restarted.
This is how they are introduced
Infostealers infect computers in a similar way to other malware. They can be hidden in phishing emails or text messages, in which the cybercriminal impersonates a person, brand, or authority to try to trick the user into opening links or attachments containing the malicious program.
They can also arrive through social media scams where cybercriminals trick victims into clicking on an attractive ad or post.
On the other hand, cybercriminals can also create malicious websites that, when a user visits them, initiate the automatic download of an infected file. These websites are boosted by SEO manipulation to appear at the top of search engine results. Similarly, instead of creating new websites, cybercriminals can also take control of legitimate websites and insert malicious code into them.
Another possible route of infection is through disguised applications that are actually programs infected with malware.
Similarly, criminals can take advantage of the popularity of online games to offer 'cheat' or 'trick' codes, but when players go to look for those 'cheats' they actually download malware onto their computers.
Much of the danger of infostealers comes from the fact that they are distributed through what is known as Malware-as-a-Service (MaaS), a business model that gained strength from 2020 onwards. Under it, criminals make a one-time payment or buy a subscription from hackers in exchange for the use of their malicious programs, which allows people without technical skills to commit sophisticated cybercrimes.
Thus, within the infostealer category, some programs have skyrocketed in popularity, such as AsyncRAT, HoudRAT, LummaStealer, and FormBook, each with its own unique features and advantages for its clients. But so far in 2025, the most detected has been SnakeStealer, a family of programs that started in 2019 but has seen a surge in recent months.
“SnakeStealer regained popularity in the cybercriminal environment, and not by chance: after the fall of Agent Tesla, another popular infostealer, its own operators recommended SnakeStealer as a replacement in the Telegram channels where they offered it as MaaS,” López indicated, and added: “This could explain why SnakeStealer rose to first place in infostealer detections so quickly, being responsible for a fifth of them worldwide, according to ESET telemetry.”
How to avoid getting infected
The phrase “an ounce of prevention is worth a pound of cure” fits perfectly into the area of cybersecurity and becomes even more important when malicious programs stand out for their stealth.
“To avoid infections, it is crucial not to download files from unverified sources, keep the operating system and applications up to date, use security solutions that detect suspicious behavior, and enable multi-factor authentication on all services and programs that allow it,” recommends Martina López of ESET.
The cybersecurity expert pointed out that while these infostealers are difficult to detect, some warning signs include unusual network usage, sudden slowness, or unknown activity on online accounts.
“If an infection is suspected, it is advisable to perform a scan with a reliable security solution, change passwords from a clean device, and from then on, monitor any unusual or suspicious account activity,” she added.
Juan Luis Del Campo - El Comercio (Peru)
eltiempo




