A deep dive into the information stealer ecosystem with traffers teams 🕵️

In the first half of 2022, SEKOIA identified an increase in the use of information-stealing malware as the preferred commodity malware for cybercriminals. These observations led us to analyse the main methods of distribution of this threat, as well as the organisation of traffers, which are cybercriminal organisations that play a key role in the distribution of stealers. Our investigation led us to identify a structure and a common modus operandi to most traffers teams distributing stealers, as well as an infection chain and malware widely used by traffers. SEKOIA published an in-depth analysis of the traffers teams in the [FLINT 2022-046 report](https://app.sekoia.io/intelligence/objects/report--ac35dd81-32a0-4786-a123-7e033294cd2f) to share the results of our investigation. ![flint_046_fig2.jpg](BASE/products/901462981/changelog/12385/inline-9fe1dddc8b3a1ee463465e0cd4dfd9f7.jpg) SEKOIA analysts will continue to monitor the traffers' threat and share the latest trends with our customers. Additionally, we monitor emerging or well established stealers to produce actionable intelligence to our customers, including indicators of compromise for multiple families of information-stealing malware. Related resources: * [FLINT 2022-046 - Traffers: a deep dive into the information stealer ecosystem](https://app.sekoia.io/intelligence/objects/report--ac35dd81-32a0-4786-a123-7e033294cd2f) * [Campaign object sharing details on the 911 infection chain](https://app.sekoia.io/intelligence/objects/campaign--9f5bb592-0632-457b-a52d-e266a0b5ac40)