First published: 02 Sep 2024
Last updated: 02 Sep 2024

Content written for

Individuals & families
Small & medium business
Large organisations & infrastructure

Today we released a new advisory on information stealer malware used by cybercriminals to target multiple organisations and sectors worldwide, including Australia.

Information stealer malware, also known as ‘info stealers’, collect information from a victim’s device. This can include user names and passwords, card details, cryptocurrency wallets, local files, browser data (including cookies), user history and autofill form details.

Stolen credentials can provide cybercriminals with expedited access to corporate networks and enterprise systems, allowing them to bypass typical tactics and techniques that require more time and skill.

Organisations that facilitate employees, contractors, managed service providers or other entities to access their network remotely, including with Bring Your Own Device (BYOD) hardware, need to be aware of the risks of info stealers and protect themselves from this threat.

We recommend organisations implement multiple mitigations to protect against info stealers:

Organisations should also implement the remainder of ASD’s Essential Eight and develop an incident response plan to ensure employees are aware of what to do and who to contact in the event of a compromise.

Read the full info stealer advisory.

Was this information helpful?

Thanks for your feedback!

Optional

Tell us why this information was helpful and we’ll work on making more pages like it