
Infostealers Run Wild


Malware Captures Billions of Credentials

Mathew J. Schwartz (euroinfosec) • October 24, 2025


Credential theft driven by infostealers is reaching epidemic proportions as hackers adapt to more robust countermeasures by infecting corporations with malware that steals session cookies, allowing threat actors to bypass multifactor authentication.


Threat intelligence firm Flashpoint estimated 5.8 million hosts and devices were infected by infostealers and over 1.8 billion credentials harvested during the first half of this year. Those credentials now circulate on illicit marketplaces and fuel identity-based attacks.

The firm traced the bulk of those infections to the Lumma Stealer, which has a reputation for being especially easy to use. Other top infostealers, which accounted for hundreds of thousands of infections each, included RedLine, Stealc, Vidar and Agent Tesla.

Infostealers harvest usernames, passwords and session tokens, allowing ...


Copyright of this story solely belongs to bankinfosecurity.