How to keep your information safe from data-stealing malware

Who hasn't encountered a suspicious-looking comment suggesting you click on an equally shady-looking link? Seems like something you’d steer clear of, right? But what is if the comment looks legitimate, like it came from a “friendly user” who wants to help you out with an issue they’ve also encountered. Would you be swayed? Don’t be.

According to the Gen Q3/2024 Threat Report, in this past quarter alone, we’ve seen data-stealing malware rise of 39%. One big player—Lumma Stealer—is leading the charge with a 1154% spike in activity. That’s a massive increase, and it’s targeting everything from passwords to crypto wallets, looking to grab any valuable info on your device. And guess how they’re getting into your devices—by using the disguise of “helpful advice” online.

Here’s what you need to know.

What exactly is data-stealing malware?

Data stealers are a type of sneaky malware. Once they’re on your device, they dig through your information, gathering all they can: login credentials, browsing data, cryptocurrency wallets, autofill data from browsers, stored session tokens, and saved form information. Then, they quietly exfiltrate it to a command-and-control (C2) server used by the cybercriminals, often disguising their actions to avoid detection by security software. From there, your info can be used for identity theft, fraudulent purchases, or even sold off on the dark web.

The recent data theft explosion isn’t random—it’s happening because cybercriminals are finding new ways to get people to download malware, often by disguising it in places you’d least expect. Popular sites like YouTube and GitHub, and even gaming platforms like Steam, are now breeding grounds for these attacks.

How data-stealing malware is spreading

Here’s how cybercriminals are pulling it off:

1. Fake YouTube tutorials: Ever come across a YouTube video that promises a “free” version of expensive software? In many cases, those links lead straight to malware. You download what you think is a useful tool, but it’s really a data thief waiting to pounce.
2. Shady GitHub comments: Some cybercriminals leave links in GitHub comments, often related to popular code repositories. They blend in, looking helpful or relevant. These links actually lead to malware that digs through your data. Cybercriminals may go as far as using URL shorteners or disguised links to trick users.
3. Steam phishing: For gamers, Steam has become a new hotspot for scams. Cybercriminals pose as fellow gamers and drop links to malware, catching people off guard in a trusted space.

How big is this problem in the U.S.?

The risk ratio for encountering data-stealing malware in the U.S. jumped by 22% last quarter, meaning more people are at risk of having their data swiped. With so much of people’s personal and financial life stored in their devices, this is a sign for users to be extra cautious online and do all they possibly can to protect their information.

How to protect yourself from data-stealing malware

While it can feel overwhelming, protecting yourself from data stealers doesn’t have to be complicated. Here are a few simple steps to help keep your information safe:

• Think twice before downloading “free” software. Tempted by a free version of expensive software? It can be a trap. Stick to legitimate sources and skip downloads from unverified sites.
• Be wary of links on public platforms. Whether on YouTube, GitHub, or gaming platforms, avoid clicking on links from unknown sources. If something feels off, trust your gut and steer clear.
• Use reliable security software. Good malware protection can catch data-stealing malware before they have a chance to snoop around your device. It’s one of the easiest ways to protect your data.
• Enable two-factor authentication. This adds an extra lock on your accounts. Even if someone manages to get your password, 2FA makes it much harder for them to access your info.

Always one step ahead of data theft

The cyber threat landscape changes constantly, as this sudden spike of data-stealing malware has revealed. However, with a bit of caution and a few protective steps, you can help protect your personal and financial information. So next time you’re online, remember to think twice before you click, download, or install anything from a source you don’t fully trust. Your data is valuable—let’s keep it safe.