SOCRadar® Cyber Intelligence Inc. | Stealing the Spotlight: Unraveling the Surge of Stealer Malware in Brazil


Jun 23, 2023

Stealing the Spotlight: Unraveling the Surge of Stealer Malware in Brazil

As we dive into the intricate web of the cyber threat landscape, one particular strain of malicious software continues to raise alarm bells – Stealer Malware. Over the past year, this notorious cyber predator has quietly but steadily expanded its reach, infecting hundreds of thousands of users across the globe. Strikingly, one country has emerged as the primary target of this insidious cyber threat – Brazil.

But why is Brazil leading the infection charts, and what factors contribute to its vulnerability to Stealer Malware? Drawing insights from the recent SOCRadar whitepaper, ‘Snapshot of 70 Million Stealer Logs,’ this blog post aims to illuminate the significant trends and underpinning factors contributing to Brazil’s heightened cybersecurity risk. This comprehensive analysis will provide essential context to the upcoming SOCRadar Brazil Threat Landscape Report.

Buckle up as we embark on this exploration of the world of Stealer Malware and its impact on Brazil.

The picture reveals where the antivirus software of a Brazilian victim detected a Trojan, yet the user continued with their actions.

Unmasking the Stealer: A Threat to Global Cybersecurity

Stealer malware is a term that’s been gaining increasing prominence in cybersecurity circles. But what exactly is it? Stealer, as the name suggests, is a type of malware designed to steal sensitive data from users’ devices, such as their credentials, financial details, and other personal information. From a minor threat, it has grown to become one of the most prevalent and formidable cybersecurity issues worldwide.

The problem intensifies with the emergence of the “Stealer as a Service” model. This model, wherein info-stealer tools are sold or leased over the internet, has expanded the threat landscape by enabling even those with low technical skills to deploy this dangerous malware.

The Stealer Epidemic: An Overview

In a recent whitepaper titled ‘Snapshot of 70 Million Stealer Logs,’ SOCRadar unveiled startling insights about the global Stealer problem. Based on the analysis of 400 gigabytes of stealer log data collected from a range of sources, the study concluded that in just one week of March 2023, over 100,000 individuals from 200 different countries were infected by stealer malware.

The image captures a Brazilian user with illegal copies of various software, demonstrating the widespread use of unlicensed software and the heightened risk of malware infection associated with it.

Surprisingly, the spread of this infection didn’t follow the anticipated pattern. Certain countries bore the brunt of the stealer malware onslaught more than others, and they were not the usual suspects. Brazil topped the list of countries most infected by stealer malware, followed by Egypt and India. A study conducted by Accenture’s Cyber Threat Intelligence team echoed this trend, noting a significant uptick in infostealer victims in similar countries. Specifically, Brazil was highlighted as the third most affected country between July and October 2022.

Brazil: The Stealer Hotbed

The image depicts a Brazilian user captured by stealer malware, showing an attempt to install software via an online video tutorial. It highlights the risks associated with unlicensed software installation.

Why has Brazil become a magnet for stealer malware infections? The answer lies in a confluence of factors:

  • Widespread use of unlicensed software: Brazil ranks high for visits to software piracy sites, which often serve as a conduit for hidden malware.
  • Low cybersecurity awareness: The general lack of understanding about cybersecurity best practices among the population renders them more vulnerable to such threats.
The image shows a Brazilian user disabling their Windows firewall to download cheat modes for a game. This dangerous act bypasses a critical layer of protection, leaving the system vulnerable to malware attacks.

  • Unique video gaming market: The country’s mixed gaming market, featuring both licensed and cracked games, presents ample opportunities for malware distribution.
  • High population: As the world’s 6th most populous country, Brazil naturally offers a larger pool of potential victims.
  • High number of phishing attempts: This common delivery method for stealer malware is frequently employed in the country.
  • Increased VPN usage: The recent ban on Telegram has led to a surge in the usage of free and untested VPN software, creating yet another potential avenue for malware attacks.

A striking illustration of these factors at work is evident in several screenshots captured by stealer malware from the devices of Brazilian victims. One such screenshot shows a victim attempting to install software via a video tutorial, while another reveals a user disabling their Windows firewall to download cheat modes for a game. Even in instances where the antivirus program detected the trojan, the user seemed to continue, undeterred. Further, screenshots also highlight the illegal copies of various software present on users’ devices.

The Way Forward

The data offers a clear message: cybersecurity threats are increasingly sophisticated, and no region is immune. The stealer malware epidemic in Brazil underscores the urgent need for a proactive, informed approach to cyber threats.

As Stealer-as-a-Service grows in popularity and scope, it is evident that this threat will not be subsiding anytime soon. It’s incumbent upon individuals, organizations, and nations to bolster their defenses and mitigate this ever-present threat. With tools like SOCRadar’s Extended Threat Intelligence platform, which offers proactive alarms and prioritized information, steps can be taken to counteract these cyber threats before they can cause significant harm.

Brazil’s case signifies the urgency and necessity of such actions. The high infection rate in the country should serve as a warning to other regions facing similar cybersecurity risks. The fight against cyber threats is global and relentless, and as these threats evolve, so must our strategies to combat them.

Ultimately, understanding and addressing the rise of Stealer Malware in Brazil is part of a broader endeavor to secure our interconnected world from ever-growing cyber threats. It is a challenge we must face head-on, with constant vigilance, proactive strategies, and the power of reliable cyber threat intelligence.