Credential Stealer Malware Trends 2023

The same four credential-stealing malware families have held the top four spots in every quarter of 2023, although they have traded the top position between them.

Meta Stealer has grown steadily and sat in first place at the end of September.

1st Quarter 2023

RedLine and Vidar were the most successful information stealers we observed in the first quarter of 2023.

2nd Quarter 2023

Raccoon Stealer had a surge in the second quarter.

Raccoon Stealer's jump in the second quarter is likely related to the release of a new version, which came with several new features.

3rd Quarter 2023

In the third quarter of 2023 the overall number of infected computers dropped, and Meta Stealer took the number one spot.

[Image: credstealerfolder.png]

The majority of the information stealer samples we found were residing in the .NET Framework folder, with most of the remainder in subfolders of the user's AppData directory.
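The two locations above are a cheap hunting check. The following is an added example (not code from the original post) that triages a file inventory for executables sitting under the .NET Framework directory or a user's AppData subfolders. The inventory records are constructed sample data, the `signed` flag stands for whatever signature verification the inventory tool performed (an assumption), and the expected-binary list is illustrative rather than a complete reference set.

```python
"""Flag executables in the drop locations the post reports.

Added example, not from the original post. It triages a file inventory for
executables under the .NET Framework directory or a user's AppData subfolders.
The inventory below is constructed sample data; `signed` stands for whatever
signature verification the inventory tool performed (assumption). The
expected-binary list is illustrative and should be built from a known-clean
host rather than taken from here.
"""
from pathlib import PureWindowsPath

EXEC_SUFFIXES = {".exe", ".dll", ".scr"}

# Illustrative set of executables normally present in a .NET Framework folder
# (assumption, not a complete reference).
EXPECTED_DOTNET_EXES = {
    "applaunch.exe", "aspnet_compiler.exe", "csc.exe", "installutil.exe",
    "msbuild.exe", "ngen.exe", "regasm.exe", "regsvcs.exe", "vbc.exe",
}

# Constructed sample inventory: (path, signed).
SAMPLE_INVENTORY = [
    (r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe", True),
    (r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll", True),
    (r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\svchost.exe", False),
    (r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\update.exe", False),
    (r"C:\Users\alice\AppData\Local\Programs\Python\python.exe", True),
    (r"C:\Users\alice\Documents\notes.txt", False),
    (r"C:\Users\alice\AppData\Local\Temp\build.dll", False),
]


def in_dotnet_framework(parts):
    # C:\Windows\Microsoft.NET\Framework\vX.Y\... or Framework64\...
    return "microsoft.net" in parts and any(p.startswith("framework") for p in parts)


def in_user_appdata(parts):
    # C:\Users\<user>\AppData\{Local,LocalLow,Roaming}\...
    return len(parts) > 4 and parts[1] == "users" and parts[3] == "appdata"


def classify(path, signed):
    """Return a reason string when the file deserves a closer look, else None."""
    p = PureWindowsPath(path)
    if p.suffix.lower() not in EXEC_SUFFIXES:
        return None
    parts = [part.lower() for part in p.parts]
    name = p.name.lower()
    if in_dotnet_framework(parts):
        # An .exe that does not belong to the framework is the strongest signal;
        # an unsigned binary of any kind there is the next one.
        if p.suffix.lower() == ".exe" and name not in EXPECTED_DOTNET_EXES:
            return "unexpected executable in .NET Framework folder"
        if not signed:
            return "unsigned binary in .NET Framework folder"
        return None
    if in_user_appdata(parts) and not signed:
        return "unsigned executable under user AppData"
    return None


def triage(inventory):
    """Return [(path, reason)] for every record that classify() flags."""
    hits = []
    for path, signed in inventory:
        reason = classify(path, signed)
        if reason:
            hits.append((path, reason))
    return hits


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_INVENTORY):
        print(f"{reason}: {path}")
```

Signed software legitimately installs under AppData (per-user installers), so the AppData rule only fires on unsigned binaries; the .NET Framework rule is stricter because nothing but Microsoft's own tooling should appear there.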

[Image: credstealerwinEnt.png]

RedLine Stealer is the most effective on business computers (Windows 10 Enterprise), followed unsurprisingly by Meta Stealer; this relates directly to their success against computers with Windows Defender installed, which you can see from the table at the bottom of this post.
Vidar and Raccoon Stealer take the top two spots for information stealers found on Windows 10 Home computers, as well as on computers without any AV installed.


Info Stealer Malware success rate against Anti-Virus/EDR software

RedLine Stealer appears to have the highest success rate against computers that have AV/EDR software installed.

Vidar's success comes primarily from computers that do not have any AV/EDR software installed.

Meta Stealer, while having lower overall numbers than RedLine, is effective against as many computers with Windows Defender as it is against computers with no protection in place. This is not surprising considering Meta Stealer is believed to have been based initially on the RedLine source code.


RedLine Stealer

RedLine Stealer has been around since early 2020. It is designed to steal sensitive information from compromised devices and is sold as malware-as-a-service (MaaS) by threat actors on underground forums. Threat actors favour RedLine for its ability to evade AV protection and its ease of use. RedLine steals data from web browsers, including saved credentials complete with the associated URL, and payment card details. It also collects system information such as the username, hardware configuration, installed general and security software (including AV and VPN products), network configuration and cryptocurrency-related data, all of which is offered for sale alongside the credentials.

Vidar Stealer

Vidar is a stealer that, much like RedLine, is a malware-as-a-service (MaaS) offering targeting personal information and cryptocurrency wallet data on the infected device. Vidar has been around longer than RedLine, having first been observed in 2018. It is believed to have originated in Russia, although, as you can imagine, there has been no official acknowledgement. Vidar is well known for the way it handles C2 communication, typically retrieving its C2 address from profile pages on social platforms such as Steam, Mastodon and Telegram.
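Because a browser fetching a Steam, Mastodon or Telegram profile page is normal while an arbitrary process doing so is not, that dead-drop behaviour is a useful detection. The following is an added example, not code from the original post or from any Vidar sample: it runs that check over EDR-style network events. The log lines and their CSV layout (timestamp, host, process, destination host, URL path) are constructed for the example, the host and path patterns are illustrative, and the browser allowlist is an assumption to tune per environment.

```python
"""Hunt for non-browser processes resolving dead-drop profile pages.

Added example, not code from the original post or from any Vidar sample. The
log lines and their format below are constructed (assumption: one CSV event per
line with timestamp, host, process, destination host and URL path, as an EDR
network-event export might provide).
"""
import csv
import io
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample events (not real telemetry).
SAMPLE_LOG = """\
2023-09-12T10:14:03Z,WS-0417,chrome.exe,steamcommunity.com,/profiles/76561199000000000
2023-09-12T10:14:09Z,WS-0417,update.exe,steamcommunity.com,/profiles/76561199000000000
2023-09-12T10:14:11Z,WS-0417,update.exe,t.me,/examplechannel
2023-09-12T10:15:40Z,WS-0301,firefox.exe,mastodon.social,/@exampleuser
2023-09-12T10:16:02Z,WS-0301,svc_host.exe,mastodon.social,/@exampleuser
2023-09-12T10:17:15Z,WS-0417,update.exe,steamcommunity.com,/app/730
2023-09-12T10:18:30Z,WS-0210,Telegram.exe,t.me,/s/examplechannel
"""

# Profile/channel page shapes on platforms used as dead drops. Hosts and
# patterns are illustrative (assumption); add other Mastodon instances as seen.
DEAD_DROP_PATTERNS = {
    "steamcommunity.com": re.compile(r"^/(profiles|id)/[^/]+/?$"),
    "t.me": re.compile(r"^/(s/)?[A-Za-z0-9_]{5,}/?$"),
    "mastodon.social": re.compile(r"^/@[A-Za-z0-9_]+/?$"),
}

# Processes for which fetching such a page is expected behaviour (assumption).
ALLOWED_PROCESSES = {
    "chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe",
    "telegram.exe",
}


class Hit(NamedTuple):
    timestamp: str
    host: str
    process: str
    url: str


def is_dead_drop_page(dest_host, path):
    """True when dest_host/path looks like a profile or channel page."""
    pattern = DEAD_DROP_PATTERNS.get(dest_host.lower())
    return bool(pattern and pattern.match(path))


def detect(log_text):
    """Return a Hit for every event where a non-allowlisted process fetched
    a dead-drop page. Malformed rows are skipped rather than raising."""
    hits = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue
        ts, host, process, dest, path = (field.strip() for field in row)
        if process.lower() in ALLOWED_PROCESSES:
            continue
        if is_dead_drop_page(dest, path):
            hits.append(Hit(ts, host, process, f"https://{dest}{path}"))
    return hits


def hosts_with_hits(hits):
    """Count of suspicious fetches per endpoint, for prioritising triage."""
    return Counter(h.host for h in hits)


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for hit in found:
        print(f"{hit.timestamp} {hit.host} {hit.process} -> {hit.url}")
    print(dict(hosts_with_hits(found)))
```

The store page request (`/app/730`) is deliberately not matched: the signal is a profile or channel page, which is where the operator parks the current C2 address, not the platform itself. Telegram's desktop client is allowlisted for `t.me` because it legitimately opens those links; keep such exceptions narrow.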

Raccoon Stealer

Raccoon is one of the most widely used and well-known information stealers and has been around since 2019, initially costing $200 USD per month for a subscription. The malware steals data from over 50 applications, including credentials with their associated URLs, credit card information, browsing history, installed AV, cookies and cryptocurrency wallet accounts. It was in the news recently when its main author, Mark Sokolovsky, was arrested in the Netherlands following an FBI investigation, after his girlfriend documented their holiday on her Instagram account. The FBI also took down the infrastructure behind Raccoon Stealer at the time.

Meta Stealer

Meta is a newer information stealer with a growing user base. As mentioned above, Meta appears to have been built from RedLine's source code, and its rise in popularity appears to have accelerated around the time of the FBI's Raccoon takedown, so it is assumed that a large portion of the cybercriminals using Raccoon jumped ship to Meta. Meta costs roughly $125 USD per month for a subscription or $1,000 for unlimited lifetime use.
