TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Huntress

Infostealers Crash Course: A Tradecraft Tuesday Recap

2025-06-03

ATT&CK techniques detected

11 predictions
T1555.003 Credentials from Web Browsers · 97%
"targets Chromium-based web browsers for credentials and cookies, as well as 2FA passwords or Wi-Fi network credentials - Realst Stealer: targets macOS keychain data, crypto wallet data, and Chromium-based browser information overall, macOS infostealers operate in a slightl…"

T1555.003 Credentials from Web Browsers · 85%
"(including Genesis Market, Stealernet, and RaidForums), either because they shut down or because they were seized by law enforcement. These marketplaces have unique characteristics: for instance, Genesis Market (which started in 2018 and was seized in 2023) was invitation-…"

T1588.002 Tool · 78%
"businesses can protect themselves. It all started with Zeus: a quick history of infostealers. Infostealers can be traced back to Zeus, malware which was first introduced in 2007. In its original variant, it could access victims' banking credentials and financial information. In …"

T1589.001 Credentials · 76%
"Infostealers Crash Course: A Tradecraft Tuesday Recap. If a threat actor launches a ransomware, extortion, or identity theft attack, the odds are that infostealers — and the credentials they've compromised — are behind it. Infostealers have quickly evolved into a major threat, …"

T1176.001 Browser Extensions · 74%
"threat actors for infostealers. After the executable was downloaded, it misused remote debugging in Chrome, which is a common malicious activity that is observed by infostealers in order to extract cookies. A file named raretemp was also created in the temp directory (this is a …"

T1555.003 Credentials from Web Browsers · 64%
"threat groups as well. Here are some other types of data that infostealers target: - cookies, single sign-on (SSO) tokens, session tokens, JWT tokens - 2FA, MFA, and OTP keys - crypto wallets, recovery, and seed phrases - API keys and cloud service credentials - personally i…"

T1555.003 Credentials from Web Browsers · 56%
"threat actors for infostealers. After the executable was downloaded, it misused remote debugging in Chrome, which is a common malicious activity that is observed by infostealers in order to extract cookies. A file named raretemp was also created in the temp directory (this is a …"

T1621 Multi-Factor Authentication Request Generation · 54%
"risks caused by infostealers with a multi-layered defense strategy. Measures like MFA can reduce the effectiveness of stolen credentials. Endpoint detection and response (EDR) controls can also detect unauthorized access on session tokens or encrypted files. There are other c…"

T1556.006 Multi-Factor Authentication · 43%
"risks caused by infostealers with a multi-layered defense strategy. Measures like MFA can reduce the effectiveness of stolen credentials. Endpoint detection and response (EDR) controls can also detect unauthorized access on session tokens or encrypted files. There are other c…"

T1583.001 Domains · 42%
"general can have a significant influence on the infostealer landscape overall, with the takedowns of Genesis Market and RaidForums having major impacts. More recently, in May, Europol announced a law enforcement operation targeting Lumma Stealer, which disrupted its technical inf…"

T1657 Financial Theft · 34%
"Infostealers Crash Course: A Tradecraft Tuesday Recap. If a threat actor launches a ransomware, extortion, or identity theft attack, the odds are that infostealers — and the credentials they've compromised — are behind it. Infostealers have quickly evolved into a major threat, …"

Summary

Cybercriminals are sitting on a pile of stolen credentials, financial information, and sensitive data, thanks to the success of infostealers. Read more to learn how infostealers have grown to become a scourge to defenders, and how businesses can protect themselves.