InformationStealers - description
- Last Updated: May 1, 2026
Sources:
Major Information Stealer Families:
- Emotet malware analysis and capabilities
- New Emotet variant evading sandbox analysis
- Return of Emotet malware campaign
- Loki infostealer delivered through Microsoft Office vulnerability
Supply Chain and Web-based Attacks:
- Operation Red Signature targeting South Korean organizations
- Magecart attack through compromised advertising supply chain
- MirrorThief group targeting campus online stores with skimming attacks
- FIN6 compromising e-commerce platforms with credit card skimmers
- Hotel booking websites targeted by Magecart skimming attacks
Advanced Persistent Threats:
- Urpage connection to multiple threat actor groups
- MuddyWater APT group using new backdoor and exploitation tools
- SLUB malware intensifying use of Slack for command and control
Other Notable Threats:
- Weekly threat roundup of information stealers
- AutoIt worm delivering fileless Bladabindi/njRAT backdoor
- Windows app for Mac downloading information stealers
- Fileless banking trojan targeting Brazilian financial institutions
- TA505 spam campaigns using new malware tools
These malware families steal information from organizations across various industries, either to gather competitive intelligence or as preparation for additional attacks. This detection covers multiple information stealers including Emotet, Fareit, Loki, Urpage, Operation Red Signature, Magecart, MuddyWater, SLUB, and MirrorThief.
Flowmon ADS detects both the downloading of these malware families and their communication with command and control servers.