First published: 15 Jul 2025
Last updated: 15 Jul 2025

Content written for

Individuals & families
Small & medium business
Large organisations & infrastructure
Government

Information stealer malware, also known as info stealers, is a type of malware designed to secretly collect information from a victim’s device.

In general, info stealers are capable of stealing:

  • user credentials: computer session logins and passwords, browser login links, usernames, passwords, secret keys, Two-Factor Authentication (2FA) backup codes, server passwords, Virtual Private Networks (VPNs) and File Transfer Protocol (FTP) details
  • browser data: browser history, search history, session cookies, and autofill data, such as saved credit/bank card details
  • communication data: messaging and email chat logs
  • documents and text files: financial information, corporate data, crypto private keys and crypto wallets
  • computer information: including operating system details, metadata, Internet Protocol (IP) addresses, applications installed on the computer, anti-virus software used, and end-point detection capabilities
  • images: including screenshots of the desktop taken by the malware.

When cybercriminals steal sensitive information, they often use it themselves or sell/trade it to other cybercriminals to target more victims. With access to personal and financial accounts, they can carry out identity theft, financial fraud, and account takeovers.

Theft of your corporate credentials can lead to larger scale incidents, including ransomware, data extortion and more.

Potential warning signs that your information has been stolen

Info stealers are designed to be undetectable, so you may not know your device is infected or that your data is being stolen. Many info stealers can also remove themselves from devices after stealing your data. This highlights the importance of taking steps now to protect your devices and accounts, before you become a victim.

Info stealer malware may be able to avoid your detection, but there are warning signs that your information has been stolen, for example:

  • you notice unusual account activity, such as configuration changes, unusual or concurrent logins, password changes and blocked access to your accounts
  • you notice unexpected, unauthorised transactions on your bank accounts
  • you start to get more spam calls, emails or messages
  • you notice increased communication with companies you haven’t done business with before.
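
For organisations that keep web-session logs, the "unusual or concurrent logins" warning sign above can be checked automatically. The following is an added example, not part of the original guidance: it flags a session ID used by two different clients within a short window, which is what replay of a stolen session cookie looks like. The log format, field names and sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample session log (not real data), one request per line:
# ISO timestamp, account, session ID, source IP, user agent
SAMPLE_LOG = """\
2025-07-15T09:00:12 alice s-7f3a 203.0.113.10 Firefox/128-Windows
2025-07-15T09:04:40 alice s-7f3a 203.0.113.10 Firefox/128-Windows
2025-07-15T09:06:02 alice s-7f3a 198.51.100.77 Chrome/126-Linux
2025-07-15T09:10:00 bob s-11c2 192.0.2.5 Safari/17-macOS
2025-07-15T18:30:00 bob s-11c2 192.0.2.5 Safari/17-macOS
2025-07-15T10:00:00 carol s-9d0e 192.0.2.44 Edge/126-Windows
2025-07-16T08:00:00 carol s-9d0e 192.0.2.99 Edge/126-Windows
"""

def parse(log_text):
    """Yield (timestamp, user, session_id, ip, user_agent) per valid line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        ts, user, sid, ip, ua = parts
        yield datetime.fromisoformat(ts), user, sid, ip, ua

def find_session_reuse(log_text, window=timedelta(minutes=30)):
    """Alert when one session ID is used by two different clients
    (IP + user agent) within `window` of each other."""
    last_seen = defaultdict(dict)  # session ID -> {(ip, ua): last timestamp}
    alerts = []
    for ts, user, sid, ip, ua in sorted(parse(log_text)):
        client = (ip, ua)
        for other, seen_at in last_seen[sid].items():
            if other != client and ts - seen_at <= window:
                alerts.append({
                    "user": user,
                    "session": sid,
                    "first_client": other,
                    "second_client": client,
                    "gap_seconds": int((ts - seen_at).total_seconds()),
                })
        last_seen[sid][client] = ts
    return alerts

if __name__ == "__main__":
    for alert in find_session_reuse(SAMPLE_LOG):
        print(alert)
```

A user whose IP address changes mid-session (for example, moving from Wi-Fi to mobile data) can also match, so treat an alert as a prompt to review the session and revoke it if the second client is not the user's.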

For more potential warning signs, read our malware and account compromise threat pages.

You can also find out if your information has been stolen or leaked from:

  • the organisation involved in a data breach notifying you
  • services that search for your information in data breaches, such as Have I Been Pwned.

If your data has been stolen or leaked, learn more on how to report and recover from a data breach and how to report and recover from account compromise.

How you may fall victim to info stealers

Cybercriminals use many techniques to infect victim devices with info stealer malware. These include:

  • Phishing campaigns – such as adding malicious attachments or links to emails or spreading the malware via fake messages.
  • Non-phishing methods – such as malicious advertising and websites laced with malicious software, including cracked and pirated software, as well as search engine poisoning.

Once your device is infected, the malware silently collects your information and sends it back to a remote server controlled by cybercriminals. These cybercriminals may then target you directly, or more likely, will sell the data. The data is generally sold in centralised ad-hoc marketplaces or platforms, such as Telegram or dark web hacking forums. Cybercriminals that buy the data can then launch further attacks or target more victims.

The threat of information stealers to your personal information

Below are examples of how cybercriminals monetise the different types of data stolen.

Data associated with personal accounts

Data may be used to gain access to a victim’s social media and other accounts, leading to, but not limited to:

  • unauthorised access to personal email or social media accounts
  • risk of identity theft
  • loss of privacy
  • increased risk of social engineering and phishing attacks.

Data associated with financial accounts

Data may be used to gain access to a victim’s finances, potentially leading to:

  • accessing funds
  • unauthorised purchases
  • fraudulent charges
  • identity theft
  • unauthorised loan applications.

Data associated with business/corporate accounts

Data may be used to gain access to a victim’s employer, their clients and their enterprise systems. This could lead to:

  • extortion
  • ransomware
  • data breach
  • business email compromise
  • theft of intellectual property
  • theft of sensitive information.

Security tips for protecting your information from info stealers

While we work closely with law enforcement and industry to help protect individuals from cybercriminals, there are some simple actions you can take to reduce the risk of info stealers. As a start, we suggest you focus on strengthening the security of your most important online accounts. This includes your:

  • internet banking account
  • email accounts
  • government websites login and account
  • remote working accounts.

Don’t stop there: learn more about how to secure your devices.

Key actions include:

Key security tips to avoid info stealers:

  • Be wary of clicking on links in emails, messages, pop-ups, and advertisements.
  • Only download software from trusted sources – avoid pirated software and downloading files or software from unknown or untrusted sources.
  • Ensure that your operating system's built-in antivirus solution is enabled. If you use a third-party antivirus solution, ensure that it is kept up to date and is from a reputable vendor.

Key security tips to protect your information:

  • Use a trustworthy computing device when logging into important online accounts. For example, don’t log in to your work accounts or use sensitive services like internet banking on shared computers or communal workstations.
  • Be careful with what you store in your web browser’s autofill feature. When filling in web forms, consider manually entering sensitive data, such as credit card numbers, rather than saving it to your web browser's autofill feature.
  • Do not store your work credentials in a personal password manager unless explicitly approved by your employer. This includes your web browser’s password manager. If in doubt, request that your employer provide a corporately supported password manager.
  • When logging into online accounts, avoid using any ‘remember me’ options.
  • Log out from all online services and clear web browser cookies after finishing a browsing session in order to reduce the information available to info stealers.
