Tech Translated

IT Security & Technology Blog

Practical IT insights for Australian businesses. Our team covers cybersecurity advisories, compliance updates, and plain-English explainers on the technology your business relies on, published regularly as the landscape shifts.

Teal hexagon and open padlock graphic explaining what an infostealer is

Infostealer is short for “information stealer” — malware with one job: quietly copy every useful secret on a computer and send it back to whoever planted it. That means saved browser passwords, session cookies, Microsoft 365 and email logins, VPN and SSH keys, crypto wallets, sometimes password-manager data. The word is everywhere this week because a brand-new one, Djinn Stealer, is being planted through a flaw in remote-support software, as reported by BleepingComputer.

Think of a burglar who photocopies your keys

An infostealer doesn’t smash anything. It photocopies your keys and leaves — and you often won’t notice a thing. The stolen “logs” get sold in bulk on criminal markets, and a different crew buys them to walk straight into your systems. Two things make this worse than it sounds. First, stolen session cookies can let an attacker skip the login screen entirely, which is why MFA on its own doesn’t always save you. Second, this class of malware sits behind a large share of the breaches Australian organisations report to the OAIC, where malicious and criminal attacks remain the single biggest cause. A password typed on a home laptop — or a personal phone with work email on it — is just as exposed as one on a company PC.

What it means for your business

You can’t “clean” a leaked password — you have to change it. So the defences that actually work are the unglamorous ones: a password manager so every login is unique, MFA everywhere (ideally phishing-resistant, like passkeys), browsers and devices kept patched, and endpoint protection that spots the theft attempt rather than a known signature. If a device is compromised, reset passwords and revoke active sessions — don’t just run a scan and call it done.

Most infostealers still arrive because someone clicks something. That’s why we pair security awareness training with managed cybersecurity — together they stop far more than either does alone.

Related Guide

Cybersecurity for Sydney SMBs

Explore our complete guide to protecting your business from cyber threats.

Read the Full Guide →