Infostealer, Explained — the Quiet Malware Behind So Many Breaches
The malware in this week’s ACSC ClickFix alert is a Vidar “infostealer,” as reported by iTnews. It’s a word that turns up in nearly every breach story now, so here’s what it actually means — no jargon.
An infostealer is a small program with one job: rummage through a computer, quietly copy anything valuable, send it back to the attacker, and often delete itself so there is little left to find. "Anything valuable" means saved browser passwords, autofill and credit-card details, the session cookies that keep you logged in to Microsoft 365 or your banking, and crypto-wallet keys. Think of it less like a burglar who smashes a window and more like a pickpocket who lifts your wallet, photographs your keys and slips away: you don't notice until your accounts start behaving strangely.
Why it matters right now: the dangerous part is the session cookies. A cookie is the website's record that you already signed in and already passed multi-factor authentication, so if an infostealer grabs a live one, an attacker can often present it from their own machine and be treated as you, with no password prompt and no MFA prompt, until the cookie expires or is revoked. Changing your password does not always end a session that was issued before the change. That's how a single careless click on one laptop becomes a company-wide email compromise. Stolen logins and cookies are then bundled into "logs" and sold in bulk, which is why the same credentials resurface in attack after attack.
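For readers who want to see the mechanism rather than the analogy, the following is an added illustration (not code from the ACSC alert, the iTnews report, or any real product). It models a web application's session store twice: a naive version that, like many services, trusts any valid cookie value regardless of which device presents it, and a hardened version that binds the cookie to the device that earned it and revokes the session on replay. The IP addresses, user agents and user name are constructed sample data.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional


def device_fingerprint(client_ip: str, user_agent: str) -> str:
    """Hash of the client details seen at login (a constructed stand-in for real device binding)."""
    return hashlib.sha256(f"{client_ip}|{user_agent}".encode()).hexdigest()


@dataclass
class Session:
    user: str
    device_fp: str  # fingerprint recorded when the user logged in and passed MFA


class NaiveSessionStore:
    """Models the common case: once MFA is passed, the cookie value alone proves identity."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def login(self, user: str, password_ok: bool, mfa_ok: bool,
              client_ip: str, user_agent: str) -> Optional[str]:
        # Password and MFA are checked exactly once, at login; the cookie carries that trust afterwards.
        if not (password_ok and mfa_ok):
            return None
        token = secrets.token_hex(16)
        self._sessions[token] = Session(user, device_fingerprint(client_ip, user_agent))
        return token

    def who_is(self, token: str, client_ip: str, user_agent: str) -> Optional[str]:
        # The device presenting the cookie is ignored, so a copied cookie works from anywhere.
        session = self._sessions.get(token)
        return session.user if session else None


class BoundSessionStore(NaiveSessionStore):
    """Hardened variant: the cookie is only honoured from the device that earned it."""

    def __init__(self) -> None:
        super().__init__()
        self.alerts: List[str] = []

    def who_is(self, token: str, client_ip: str, user_agent: str) -> Optional[str]:
        session = self._sessions.get(token)
        if session is None:
            return None
        if session.device_fp != device_fingerprint(client_ip, user_agent):
            # Same cookie, different device: treat it as theft, revoke the session, raise an alert.
            self.alerts.append(
                f"session for {session.user} replayed from {client_ip} ({user_agent}); revoked")
            del self._sessions[token]
            return None
        return session.user


def replay_demo() -> dict:
    """Victim logs in with MFA; an attacker then replays the copied cookie from another machine."""
    victim = ("203.0.113.10", "Mozilla/5.0 (Windows NT 10.0) Chrome/124")  # constructed
    attacker = ("198.51.100.7", "python-requests/2.31")                    # constructed

    naive = NaiveSessionStore()
    naive_cookie = naive.login("alice", True, True, *victim)

    bound = BoundSessionStore()
    bound_cookie = bound.login("alice", True, True, *victim)

    return {
        "naive_attacker_sees": naive.who_is(naive_cookie, *attacker),        # "alice": MFA never re-checked
        "bound_victim_sees": bound.who_is(bound_cookie, *victim),            # "alice"
        "bound_attacker_sees": bound.who_is(bound_cookie, *attacker),        # None: rejected
        "bound_victim_after_replay": bound.who_is(bound_cookie, *victim),    # None: session was revoked
        "alerts": bound.alerts,
    }


if __name__ == "__main__":
    for key, value in replay_demo().items():
        print(f"{key}: {value}")
```

The naive store is the point of the article: the attacker never sees a password or MFA prompt because the cookie already answers both. The bound store shows the shape of the fix, but binding to IP address and browser string is a simplification; staff on mobile networks or behind changing NAT addresses would be logged out constantly. Real services use risk-based checks and device-bound tokens for the same purpose. The question to ask your provider is simpler: when a stolen cookie is used from a new device, does your platform alert and revoke the session?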
The practical implication for your business: assume passwords alone won't save you. The defences that work against infostealers are behaviour-based endpoint protection that spots the theft, phishing-resistant MFA, and training staff not to run "fix this" commands or install software they didn't go looking for. One caveat: MFA, even the phishing-resistant kind, protects the login step, not a cookie that has already been stolen from the device, so if a machine is found infected, have every active session for that user signed out (revoked), not just the password reset. If you're not confident those controls are in place, that's the conversation to have with your IT provider this month.
