Approaching Infostealers Devs: a Brief Interview with MacSync (ex-mentalpositive)
To completely understand what’s going on in a market that has been growing in the last years I found mandatory to know which players are dominating it. Always remember that behind every user of the Internet there is another human like you, so if you can be kind enough to reach them and they agree, […]
How to Check if Your Company’s Domain Has Infostealer Infections (Cybercrime Intelligence)
What is an Infostealer? An infostealer is a type of malware designed to stealthily extract sensitive information from infected devices. It operates in the background, collecting data such as login credentials, financial details, and personal information, which hackers can then use for identity theft, financial fraud, or selling on the dark web. These infections often […]
The Infostealer-to-APT Pipeline: How Stolen Diplomatic Credentials Fuel Cyber-Political Power Plays
With cyber espionage on the rise, opportunistic Infostealer malware, designed to harvest credentials indiscriminately, is being repurposed by Advanced Persistent Threat (APT) groups to devastating effect. Hudson Rock‘s threat intelligence reveals a global wave of compromised Ministry of Foreign Affairs (MOFA) email accounts, from Saudi Arabia’s mofa.gov.sa to South Korea’s mail.mofa.go.kr, the United Arab Emirates’ […]
Atomic macOS Stealer now includes a backdoor for persistent access
Atomic macOS Stealer (AMOS), a popular piece of stealer malware for macOS, has just received a major update. For the first time, it’s being deployed with an embedded backdoor. This change allows attackers to maintain persistent access to a victim’s Mac, run arbitrary tasks from remote servers, and gain extended control over compromised machines. This […]
Infostealers – The Silent Data Thief [SINCON 2025]
At SINCON 2025 in Singapore, Leonid Rozenberg sat down with cyber journalist Jane Lo for a brief but powerful 15-minute interview that catches you up on the latest Infostealer-related threats, trends, and developments.
Hy-Vee Hacked: Infostealers Enable Stormous Group’s 53GB Atlassian Data Heist
In a cyberattack that underscores the destructive power of infostealer malware, Hy-Vee, a prominent U.S. supermarket chain, has been hit by a massive data breach courtesy of the Stormous ransomware group. The attackers claim they’ve infiltrated Hy-Vee’s Atlassian accounts, specifically Confluence and Jira, using stolen credentials, Hudson Rock traced back these credentials to various Infostealer […]
Paraguay’s Biggest Data Breach: Infostealers Fuel Massive 7.4M Citizen Data Leak
In a cybersecurity catastrophe that’s rocked Paraguay to its core, a staggering 7.4 million citizen records, nearly the entire population’s personally identifiable information (PII), have been leaked on the dark web. Evidence for the initial access which enabled this hack point to an Infostealer infection that compromised a government employee’s credentials, granting cybercriminals access to […]
16 Billion Credentials Leak: A Closer Look at the Hype and Reality Behind the “Massive” Data Dump
Recent reports of a 16 billion credentials leak have sparked widespread concern, with claims it’s one of the largest breaches ever. However, Hudson Rock’s analysis shows this “leak” is far less significant than suggested, consisting of recycled, outdated, and potentially fabricated data rather than a new breach. Here’s a clear breakdown of the incident and […]
Nobitex Breach: Infostealers Expose Critical Employee Credentials in Latest Crypto Exchange Hack
The cryptocurrency world has been rocked yet again, this time with the Nobitex exchange finding itself in the crosshairs of a sophisticated cyberattack. Reported earlier today, the Iranian crypto platform suffered a massive $81.7 million loss due to a hack claimed by the group “Gonjeshke Darande”, allegedly linked to Israel, which claims affiliation with Israel […]
20,000 malicious IPs and domains taken down in INTERPOL infostealer crackdown
SINGAPORE – More than 20,000 malicious IP addresses or domains linked to information stealers have been taken down in an INTERPOL-coordinated operation against cybercriminal infrastructure. During Operation Secure (January – April 2025) law enforcement agencies from 26 countries worked to locate servers, map physical networks and execute targeted takedowns. Ahead of the operation, INTERPOL cooperated […]
Mandiant Exposes Salesforce Phishing Campaign as Infostealer Malware Emerges as a Parallel Threat
Mandiant has exposed a sophisticated campaign using voice phishing to gain access to Salesforce accounts. Attackers impersonated IT support staff over the phone to trick victims into providing multi-factor authentication codes, allowing access to sensitive Salesforce environments. Once inside, the actors exfiltrated data and used it for extortion purposes. This operation highlights a growing trend […]
Pakistan Telecommunication Company (PTCL) Targeted by Bitter APT During Heightened Regional Conflict
Executive Summary On May 7, 2025, during the active military escalation between Pakistan and India—specifically in the context of India’s military campaign ‘Operation Sindoor’—, EclecticIQ analysts observed that Bitter APT (also known as TA397) [1] very likely targeted the Pakistan Telecommunication Company Limited (PTCL) workers [2] in a spear phishing campaign very likely to deliver malware. Analysts assess that, […]
