Infostealers Surge in 2025: Why SOC Teams Must Act Now
Cybercriminals have wasted no time in 2025. A sharp spike in infostealer malware is fueling dark web marketplaces, breaching corporate systems, and compromising credentials at scale - with devastating consequences. Learn why infostealers are a top cyber threat in 2025 and how security teams can fight back.
Updated May 22, 2025.

Cybercriminals have wasted no time in 2025 with infostealer malware already making major headlines. From stolen credentials to infiltrated corporate networks, threat actors are escalating their attacks, fueling dark web marketplaces, and exposing organizations to massive security risks. Several major incidents in early 2025 highlight just how widespread and sophisticated these threats have become.
A newly discovered infostealer, FleshStealer, has been found targeting web browsers, crypto wallets, and 2FA extensions. This stealthy malware uses advanced evasion tactics, including encryption and self-termination, making it incredibly difficult to detect and analyze.
Threat actors also utilized infostealer malware to compromise the credentials of multiple Telefonica employees, granting them access to the company's internal ticketing system. The attackers reportedly stole a list containing 24,000 employee emails and names, 500,000 summaries of internal Jira issues, and 5,000 internal documents, including internal email communications.
In another recent campaign, attackers distributed infostealer malware masquerading as a proof-of-concept (PoC) exploit for a Windows Lightweight Directory Access Protocol (LDAP) vulnerability. This tactic not only deceived security researchers but also highlighted the evolving methods threat actors employ to spread infostealers.
</grreplace>
<gr_replace lines="15" cat="clarify" orig="These recent incidents">
These recent incidents are not a surprise given that infostealer activity has surged by 266% in recent years. But why is this such an attractive tactic for threat actors? First and foremost, it doesn’t discriminate. It can target any individual or organization that holds potentially valuable data—this spans financial data such as credit card numbers and bank details, passwords and login credentials, as well as browsing history or personally identifiable information (PII). In addition to the breadth of potential victims, infostealers are surging for several key reasons:
Then in February, the Black Basta leak made headlines revealing that many of the credentials appeared to originate from infostealer malware logs, showing just how critical credential security is in preventing attacks.
These incidents make one thing clear: Infostealers must be a top priority for SOCs, threat hunters, and security teams. These silent threats don’t announce themselves with ransom demands—they infiltrate, steal, and enable more dangerous attacks down the line.
We’ve recently shared an overview of infostealers, but as these attacks intensify, let’s quickly recap why they are such a critical threat to organizations in 2025.
Why Infostealers are a Growing Threat in 2025
These recent incidents are not a surprise given the fact that in recent years infostealer activity has surged by 266%. But why is this such an attractive tactic for threat actors? First and foremost, it doesn’t discriminate. It can target any individual or organization that holds potentially valuable data—this spans financial data such as credit card numbers and bank details, passwords and login credentials as well as browsing history or personal identifiable information (PII). In addition to the breadth of potential victims, Infostealers are surging for several key reasons:
Easy, Low-Cost Access to Valuable Data
Unlike ransomware, which requires direct interaction with victims, infostealers operate silently, gathering login credentials, payment details, session cookies, and system information. Once stolen, these assets can be sold on dark web marketplaces or used for further attacks.
Credentials are more valuable than ever
Attackers can use them for account takeovers (ATOs), espionage, or lateral movement within networks. And now, with mature cybercrime marketplaces, stolen credentials can be monetized almost instantly on dark web forums, Telegram groups, and automated shops.
Stealth and Persistence
Infostealers work in the background, often undetected for long periods, allowing attackers to collect a continuous stream of fresh credentials.
There is no need to engage victims. Unlike phishing scams or social engineering attacks, infostealers don’t rely on user interaction once deployed.
Low detection rates
Many infostealers use encryption, anti-debugging, and obfuscation techniques to bypass security tools like EDR and antivirus software.
The LDAP incident in January highlights how threat actors no longer rely solely on phishing or social engineering to spread malware. Instead, by weaponizing publicly available security tools and exploit code, they can bypass traditional detection methods and gain access to valuable credentials without direct user interaction.
Facilitates Bigger, More Profitable Attacks
Infostealers act as a stepping stone for larger cybercrime operations:
Ransomware Deployment – Threat actors use stolen credentials to bypass security controls, escalate privileges, and deploy ransomware inside corporate networks.
Business Email Compromise (BEC) Attacks – Attackers gain access to corporate emails and impersonate executives to steal funds.
Supply Chain Attacks – Stolen access credentials allow attackers to infiltrate third-party suppliers, expanding their attack surface.
As seen in the January Telefonica incident, the infections provided attackers with the credentials they needed to infiltrate systems, which they then leveraged to expand access further through sophisticated social engineering tactics.
Mass Distribution with Minimal Effort
Infostealers are easy to deploy and spread through various attack vectors:
Phishing emails and malvertising – Fake invoices, job offers, or ads trick victims into downloading malware.
Trojanized software – Many infostealers are disguised as free software cracks, mods, or tools, targeting unsuspecting users.
SEO poisoning and drive-by downloads – Attackers manipulate search results to trick users into downloading infected files.
Infostealer Malware-as-a-Service (MaaS) Makes It Accessible
Many infostealers are sold as subscription-based services, meaning even low-skilled attackers can launch credential-stealing campaigns without writing a single line of code.
The bottom line? Infostealers require minimal effort but deliver maximum value to threat actors, enabling credential theft, unauthorized access, and large-scale cyberattacks. SOCs and security teams must act fast—detecting, disrupting, and defending against these threats before stolen data is weaponized.
How SOCs and Threat Hunters Can Stay Ahead of Infostealers
To defend against the rise of infostealers, SOCs and threat-hunting teams must adopt a proactive, layered security approach, starting with identity protection. To learn more about the latest in infostealer threats, check out a new report: Inside the Infostealer Epidemic: Exposing the Risks to Corporate Security.