Recent credential leakage incidents and the rise of InfoStealer malware


Source: Cointelegraph

Opinion Author: Binance Chief Security Officer Jimmy Su

The threat of InfoStealer malware is on the rise, targeting individuals and organizations in the digital finance sector and beyond. InfoStealers are malware designed to extract sensitive data from an infected device without the victim's knowledge: passwords, session cookies, cryptocurrency wallet details, and other valuable personal information.

According to Kaspersky, InfoStealers leaked more than 2 million payment card records last year, and that number continues to grow.

These tools are widely accessible through a malware-as-a-service model. Cybercriminals pay a subscription fee for access to a malware platform that provides dashboards, technical support, and automated exfiltration of stolen data to command-and-control (C2) servers. Once stolen, the data is sold on dark web forums, Telegram channels, or private markets.

The damage caused by InfoStealer infections goes far beyond a single compromised account. Credential leaks can lead to identity theft, financial fraud, and unauthorized access to other services, especially when credentials are reused across platforms.

Related: Dark web actors claim to hold data on more than 100,000 Gemini and Binance users.

Internal data from Binance reflects the same trend. In recent months we have seen a significant increase in the number of users whose credentials or session data were leaked by InfoStealer infections. These infections did not originate from Binance; they affected personal devices on which credentials were saved in the browser or auto-filled on websites.

InfoStealer malware typically spreads through phishing, malicious advertising, trojanized software, or fake browser extensions. Once on a device, it harvests stored credentials and transmits them to the attacker.

Common vectors of spread include:

Phishing emails with malicious attachments or links.

Downloading counterfeit software from unofficial app stores.

Game mods and cracked applications shared via Discord or Telegram.

Malicious browser extensions or add-ons.

Compromised websites that silently install malware (drive-by downloads).

Once running, an InfoStealer can extract stored passwords, autofill entries, clipboard contents (including cryptocurrency wallet addresses), and even session tokens. A stolen session token lets the attacker impersonate the user without knowing the login credentials and without passing 2FA, because the session has already been authenticated.
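Because a replayed session cookie carries no failed login and no 2FA prompt, the defender's signal is the session's context changing mid-life. The following is an added example (not Binance's code) of that check run over constructed JSON auth events; the schema (session_id, user, ip, asn, ua, ts) and the thresholds are assumptions for illustration.

```python
# Added example (not Binance's code): spotting a stolen session cookie being
# replayed from another machine. Once an infostealer exports the cookie jar,
# the attacker presents a valid, already-authenticated session, so the only
# signal is that the session's context changes. The events below are
# constructed JSON lines with a hypothetical schema; real logs will differ.
import json
from dataclasses import dataclass

SAMPLE_EVENTS = """\
{"ts": 1700000000, "session_id": "s-1", "user": "alice", "ip": "203.0.113.10", "asn": 64496, "ua": "Chrome/124 Windows"}
{"ts": 1700000300, "session_id": "s-1", "user": "alice", "ip": "203.0.113.10", "asn": 64496, "ua": "Chrome/124 Windows"}
{"ts": 1700000600, "session_id": "s-1", "user": "alice", "ip": "198.51.100.7", "asn": 64500, "ua": "Chrome/120 Linux"}
{"ts": 1700000700, "session_id": "s-2", "user": "bob", "ip": "192.0.2.5", "asn": 64510, "ua": "Safari/17 macOS"}
{"ts": 1700001000, "session_id": "s-2", "user": "bob", "ip": "192.0.2.9", "asn": 64510, "ua": "Safari/17 macOS"}
{"ts": 1700001200, "session_id": "s-3", "user": "carol", "ip": "203.0.113.50", "asn": 64496, "ua": "Firefox/125 Windows"}
{"ts": 1700004800, "session_id": "s-3", "user": "carol", "ip": "198.51.100.99", "asn": 64501, "ua": "Firefox/125 Windows"}
"""


@dataclass
class SessionContext:
    user: str
    asn: int
    ua: str
    last_ts: int


def parse_events(text: str) -> list[dict]:
    """One JSON object per line; blank lines are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_hijacked_sessions(events: list[dict], fast_move_seconds: int = 900) -> dict[str, dict]:
    """Return {session_id: {"user", "reasons", "action"}} for suspect sessions.

    Rules (deliberately conservative to limit false positives):
      * the user agent changed within one session: a cookie jar belongs to one
        browser profile, so a different UA on the same cookie almost always
        means the cookie was copied elsewhere;
      * the network (ASN) changed within `fast_move_seconds` of the previous
        hit on that session: a quick jump between providers looks like a
        second party holding the same cookie.
    An IP change inside the same ASN (DHCP, carrier NAT) is ignored, as is a
    slow ASN change with the same browser (commuting, VPN on or off).
    """
    seen: dict[str, SessionContext] = {}
    alerts: dict[str, dict] = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        sid = ev["session_id"]
        ctx = seen.get(sid)
        if ctx is None:
            seen[sid] = SessionContext(ev["user"], ev["asn"], ev["ua"], ev["ts"])
            continue
        reasons = []
        if ev["ua"] != ctx.ua:
            reasons.append("user_agent_changed")
        if ev["asn"] != ctx.asn and ev["ts"] - ctx.last_ts <= fast_move_seconds:
            reasons.append("asn_changed_fast")
        if reasons:
            alert = alerts.setdefault(sid, {"user": ctx.user, "reasons": [], "action": "revoke_session"})
            for r in reasons:
                if r not in alert["reasons"]:
                    alert["reasons"].append(r)
        # Compare later hits against the most recent context, not the first one.
        seen[sid] = SessionContext(ctx.user, ev["asn"], ev["ua"], ev["ts"])
    return alerts


if __name__ == "__main__":
    for sid, alert in find_hijacked_sessions(parse_events(SAMPLE_EVENTS)).items():
        print(sid, alert)
```

On the constructed data only session s-1 is flagged: the same cookie is presented from a different browser and a different network five minutes after its last legitimate use. Bob's IP change stays inside one ASN and Carol's network change is an hour later with the same browser, so neither fires; in production the revoke action would also trigger a re-authentication with 2FA rather than just ending the session.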

Some signs that may indicate your device is infected with an InfoStealer:

Unusual notifications or extensions in the browser.

Unauthorized login alerts or unusual account activity.

Unexpected changes to security settings or passwords.

Sudden slowdown in system performance.

In the past 90 days, Binance has observed several notable InfoStealer variants targeting Windows and macOS users. On Windows, RedLine, LummaC2, Vidar, and AsyncRAT are particularly prevalent.

RedLine Stealer is known for collecting login credentials and cryptocurrency-related information from browsers.

LummaC2 is a rapidly evolving threat that has integrated techniques to bypass modern browser protections such as Chrome's App-Bound Encryption for cookies. It can now steal cookies and cryptocurrency wallet details in real time.

Vidar Stealer focuses on exfiltrating data from browsers and local applications and has significant capabilities in capturing cryptocurrency wallet credentials.

AsyncRAT enables attackers to remotely monitor victims by logging keystrokes, capturing screenshots, and deploying additional payloads. Recently, cybercriminals have used AsyncRAT for credential-related attacks, obtaining credentials and system data from compromised Windows machines.

For macOS users, Atomic Stealer has become a significant threat. It can extract credentials, browser data, and cryptocurrency wallet information from infected devices. Atomic Stealer is sold through malware-as-a-service channels and uses native AppleScript for data collection, posing a substantial risk to individual users and organizations running macOS. Other notable variants targeting macOS include Poseidon and Banshee.

At Binance, we address these threats by monitoring dark web markets and forums for leaked user data, alerting affected users, initiating password resets, revoking affected sessions, and providing clear guidance on device security and malware removal.
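The workflow above (monitor, alert, reset, revoke) has a decision in the middle that is easy to get wrong: which accounts need a forced reset versus a notification, and how to remember leaked passwords without storing them in the clear. The following is an added example (not Binance's code) that triages a constructed InfoStealer dump in the common URL/USER/PASS block format against a constructed user directory; the hosts, accounts, passwords, the PBKDF2-based directory and the fingerprint key are all assumptions for illustration.

```python
# Added example (not Binance's code): triaging an infostealer credential dump
# against a service's own user directory. The dump format (URL/USER/PASS
# blocks), the accounts, passwords, hosts and the PBKDF2-based directory are
# all constructed here for illustration; production systems keep Argon2 or
# bcrypt hashes in a real store, but the decision logic is the same.
import hashlib
import hmac
from dataclasses import dataclass
from urllib.parse import urlsplit

STEALER_LOG = """\
URL: https://www.example-exchange.test/login
USER: alice@example.test
PASS: Winter2024!
===============
URL: https://mail.example.test/
USER: bob@example.test
PASS: hunter2
===============
URL: https://www.example-exchange.test/login
USER: carol@example.test
PASS: OldPassw0rd
===============
"""

OUR_HOSTS = {"www.example-exchange.test", "example-exchange.test"}
PBKDF2_ROUNDS = 50_000          # illustrative; size to your hardware
FINGERPRINT_KEY = b"rotate-me"  # hypothetical server-side secret, never the password itself


@dataclass(frozen=True)
class LeakRecord:
    host: str
    login: str
    password: str  # used only for the comparisons below, never persisted


def parse_stealer_log(text: str) -> list[LeakRecord]:
    """Parse URL/USER/PASS blocks separated by lines of '='."""
    records: list[LeakRecord] = []
    block: dict[str, str] = {}

    def flush() -> None:
        if {"URL", "USER", "PASS"} <= block.keys():
            host = (urlsplit(block["URL"].strip()).hostname or "").lower()
            records.append(LeakRecord(host, block["USER"].strip().lower(), block["PASS"]))
        block.clear()

    for line in text.splitlines():
        if line.startswith("="):
            flush()
            continue
        key, sep, value = line.partition(": ")  # first ': ' only; passwords may contain ':'
        if sep:
            block[key] = value
    flush()  # a dump may not end with a separator line
    return records


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


# Constructed directory: login -> (salt, hash). Carol already rotated her password.
DIRECTORY = {
    "alice@example.test": (b"salt-a", hash_password("Winter2024!", b"salt-a")),
    "carol@example.test": (b"salt-c", hash_password("NewPassw0rd!", b"salt-c")),
}


def triage(records: list[LeakRecord], directory=DIRECTORY, our_hosts=OUR_HOSTS) -> dict[str, list[str]]:
    """Response actions per affected account.

    Any record for one of our hosts means the victim's device was infected, so
    its cookie jar is assumed stolen as well: revoke sessions and notify in
    every case. Force a password reset only if the leaked password still
    matches, so users who already rotated are not reset a second time.
    """
    actions: dict[str, list[str]] = {}
    for rec in records:
        if rec.host not in our_hosts or rec.login not in directory:
            continue
        salt, stored = directory[rec.login]
        still_valid = hmac.compare_digest(hash_password(rec.password, salt), stored)
        todo = actions.setdefault(rec.login, ["revoke_sessions", "notify_user"])
        if still_valid and "force_password_reset" not in todo:
            todo.append("force_password_reset")
    return actions


def leak_fingerprint(password: str) -> str:
    """Keyed digest so leaked passwords can be remembered without storing plaintext."""
    return hmac.new(FINGERPRINT_KEY, password.encode(), "sha256").hexdigest()


def leak_fingerprints(records: list[LeakRecord]) -> set[str]:
    # Every leaked password counts, whatever site it was captured from:
    # the same string is very likely reused elsewhere.
    return {leak_fingerprint(r.password) for r in records}


def is_known_leaked(password: str, fingerprints: set[str]) -> bool:
    """Check at password-set time that a user is not choosing a leaked value."""
    return leak_fingerprint(password) in fingerprints
```

Run against the constructed dump, Alice gets a forced reset because her leaked password is still current, Carol only gets her sessions revoked and a notification because she already rotated, and Bob's record is for another site and is ignored by triage but still feeds the leaked-password fingerprint set, so "hunter2" is rejected if any user later tries to set it.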

Our infrastructure remains secure, but the theft of credentials from infected personal devices is an external risk we all face. Therefore, user education and cyber hygiene are more important than ever.

We urge users and the crypto community to stay vigilant against these threats by using antivirus and anti-malware tools and running regular scans. Well-known free options include Malwarebytes, Bitdefender, Kaspersky, McAfee, Norton, Avast, and Microsoft Defender (built into Windows). macOS users can consider Objective-See's free security tools.

Quick scans often miss these infections, since most stealers delete their initial-stage files once they have run. Run a full disk scan to get comprehensive coverage.

Here are some practical steps you can take to reduce your risk from this threat and many other cybersecurity threats:

Enable two-factor authentication (2FA) using an authenticator app or hardware key. Note that 2FA does not protect a session whose cookie has already been stolen, which is why revoking active sessions after a suspected infection matters.

Avoid saving passwords in your browser; use a dedicated password manager instead.

Only download software and applications from official sources.

Keep your operating system, browser, and all applications up to date.

Regularly check the authorized devices in your Binance account and remove unfamiliar entries.

Use withdrawal address whitelists to limit where funds can be sent.

Avoid using public or unsecured Wi-Fi networks when accessing sensitive accounts.

Use unique credentials for each account and rotate them regularly.

Stay informed about security updates and best practices from Binance and other trusted sources.

If you suspect a malware infection, immediately change your password from a clean, uninfected device, lock your account, and report it through Binance's official support channels.

The growing prominence of InfoStealer threats is a reminder of how advanced and widespread cyberattacks have become. While Binance continues to invest heavily in platform security and dark web monitoring, protecting your funds and personal data is a joint effort.

Staying informed, cultivating secure habits, and maintaining clean devices can significantly reduce your risk from threats like InfoStealer malware.

Opinion Author: Jimmy Su, Binance Chief Security Officer.

This article is for general informational purposes only and is not intended and should not be construed as legal or investment advice. The views, thoughts, and opinions expressed in this article are solely those of the author and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Disclaimer: This article represents only the author's personal views and does not represent the position or views of this platform. It is shared for informational purposes only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If an article or image on this page infringes your rights, please send proof of the rights and proof of identity to support@aicoin.com, and the platform's staff will verify it.
