How to keep your information safe from data-stealing malware

Data-stealing malware looks like something straight of a spy movie, but this threat isn’t limited to sci-fi flicks. Here’s what you need to know about it and how you can help protect your information from cybercriminals.

Person taking steps against data-stealing malware

Who hasn't encountered a suspicious-looking comment suggesting you click on an equally shady-looking link? Seems like something you’d steer clear of, right? But what is if the comment looks legitimate, like it came from a “friendly user” who wants to help you out with an issue they’ve also encountered. Would you be swayed? Don’t be.

According to the Gen Q3/2024 Threat Report, in this past quarter alone, we’ve seen data-stealing malware rise of 39%. One big player—Lumma Stealer—is leading the charge with a 1154% spike in activity. That’s a massive increase, and it’s targeting everything from passwords to crypto wallets, looking to grab any valuable info on your device. And guess how they’re getting into your devices—by using the disguise of “helpful advice” online.

Here’s what you need to know.

What exactly is data-stealing malware?

Data stealers are a type of sneaky malware. Once they’re on your device, they dig through your information, gathering all they can: login credentials, browsing data, cryptocurrency wallets, autofill data from browsers, stored session tokens, and saved form information. Then, they quietly exfiltrate it to a command-and-control (C2) server used by the cybercriminals, often disguising their actions to avoid detection by security software. From there, your info can be used for identity theft, fraudulent purchases, or even sold off on the dark web.

The recent data theft explosion isn’t random—it’s happening because cybercriminals are finding new ways to get people to download malware, often by disguising it in places you’d least expect. Popular sites like YouTube and GitHub, and even gaming platforms like Steam, are now breeding grounds for these attacks.

How data-stealing malware is spreading

Here’s how cybercriminals are pulling it off:

  1. Fake YouTube tutorials: Ever come across a YouTube video that promises a “free” version of expensive software? In many cases, those links lead straight to malware. You download what you think is a useful tool, but it’s really a data thief waiting to pounce.
  2. Shady GitHub comments: Some cybercriminals leave links in GitHub comments, often related to popular code repositories. They blend in, looking helpful or relevant. These links actually lead to malware that digs through your data. Cybercriminals may go as far as using URL shorteners or disguised links to trick users.
  3. Steam phishing: For gamers, Steam has become a new hotspot for scams. Cybercriminals pose as fellow gamers and drop links to malware, catching people off guard in a trusted space.

How big is this problem in the U.S.?

The risk ratio for encountering data-stealing malware in the U.S. jumped by 22% last quarter, meaning more people are at risk of having their data swiped. With so much of people’s personal and financial life stored in their devices, this is a sign for users to be extra cautious online and do all they possibly can to protect their information.

How to protect yourself from data-stealing malware

While it can feel overwhelming, protecting yourself from data stealers doesn’t have to be complicated. Here are a few simple steps to help keep your information safe:

  • Think twice before downloading “free” software. Tempted by a free version of expensive software? It can be a trap. Stick to legitimate sources and skip downloads from unverified sites.
  • Be wary of links on public platforms. Whether on YouTube, GitHub, or gaming platforms, avoid clicking on links from unknown sources. If something feels off, trust your gut and steer clear.
  • Use reliable security software. Good malware protection can catch data-stealing malware before they have a chance to snoop around your device. It’s one of the easiest ways to protect your data.
  • Enable two-factor authentication. This adds an extra lock on your accounts. Even if someone manages to get your password, 2FA makes it much harder for them to access your info.

Always one step ahead of data theft

The cyber threat landscape changes constantly, as this sudden spike of data-stealing malware has revealed. However, with a bit of caution and a few protective steps, you can help protect your personal and financial information. So next time you’re online, remember to think twice before you click, download, or install anything from a source you don’t fully trust. Your data is valuable—let’s keep it safe.

Editor’s note: Our articles provide educational information. LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about.

This article contains

Is Your Small Business a Big Target for Identity Thieves?
As a small business owner, you may think identity thieves wouldn’t be interested because you’re not a giant corporation with a lot of money and information.
February 04, 2021 ·3 min read
Read More
Protect your identity while traveling this summer
Learn how to protect your identity while traveling with essential tips on device security, VPN use, and monitoring financial activities.
May 21, 2024 ·2 min read
Read More
How should you respond to identity theft? 7 essential steps
Learn how you should respond to the theft of your identity and discover seven essential steps to protect your personal information.
April 04, 2025 ·3 min read
Read More
How to protect yourself on Identity Management Day
Learn about Identity Management Day 2025, the dangers of ID theft, and how to safeguard your sensitive data and LifeLock protection.
April 08, 2025 ·4 min read
Read More

Start your protection,
enroll in minutes.

Get discounts, info, protection tips, and more.

Sign up for promotional emails.