Essential advice: Is your digital lifestyle making you prone to an infostealer attack?

That said, experts from NordVPN have analysed a mountain of data to find the three digital lifestyles that are most often targeted by infostealers – malware designed to harvest and ultimately steal personal information and credentials.

“When we look at the apps and websites most often linked to infostealer infections, three clear user patterns emerge,” Marijus Briedis, CTO at NordVPN, said in a statement.

“They are so common that almost anyone can become a victim, including IT professionals.”

The three groups identified by NordVPN have been grouped together based on the apps they install and the sites they regularly visit.

Group 1: Lifestyle internet users

If you’re terminally online – like many of us – your almost constant and regular internet activity makes you a prime target for infostealers, and heavy users of social media are probably the most targeted.

VIEW ALL

“Almost 65 million infostealer logs were linked to social media platforms such as Facebook, Instagram, Discord, and X accounts,” NordVPN said.

“The same category also includes streaming and e-commerce. About 28 million infostealer logs were tied to streaming services like Netflix, Disney, and HBO, and 26 million to shopping sites such as Amazon and eBay.”

Group 2: Gamers

Researchers found more than 53 million infostealer logs linked to gaming activity. Gaming ecosystems such as Roblox, Steam, and Epic are considered to be among the riskiest platforms, with compromised games that hide infostealers and other malware a relatively common occurrence.

“Many are popular with children and teenagers, so one risky download or mod can infect a shared family PC,” NordVPN said.

Similarly, gamers who regularly seek out cracked or otherwise pirated games also leave themselves wide open to infostealer infection.

Group 3: IT professionals

Developer tools and code repositories have become a particularly insidious vector for malware in the last 12 months, making IT professionals uniquely susceptible to infostealer attacks.

“The riskiest portals and activities for infostealers include enterprise identity portals, code and cloud platforms, collaboration services such as Zoom, router or private IP pages, HR or hiring portals, web builders, and even LinkedIn,” NordVPN said.

Once one work platform is infected, the risk to the wider network can easily cascade throughout an organisation’s network from the inside.

“Infostealers don’t target a type of person; they target predictable behaviour,” Briedis said.

“Whether it is social media logins and online shopping, gaming ecosystems, or code hosting platforms, the pattern is the same. Once attackers capture a session or saved login, they can move across accounts faster than most people can react.”

What you can do

The most important first step is to secure the main email account that is most commonly linked to services such as Steam and sites such as LinkedIn. Turn on multifactor authentication wherever possible, regularly change passwords, and use passkeys if they’re available.

Keep your browser and operating system up to date, as well as any regularly used software. Review passwords saved in browsers and remove those no longer used.

Finally, if anything seems too good to be true – such as a free or cracked game or software tools – it probably is. Do not use any software or tools that require you to disable protections, and beware of unofficial game launchers or software.

“The biggest myth is that infostealers only affect careless people,” Briedis said.

“In reality, they are built to exploit normal convenience. The most effective protection is limiting what a compromised device can give away at once.”