What’s happening with infostealers and credential theft? Is your digital identity at risk?
Although global detections decreased by 18% in the second half of 2025, current attacks are more sophisticated; an interesting and timely analysis from ESET highlights this.
An analysis based on the latest ESET Threat Reports reveals critical changes in the infostealer ecosystem: although global detections decreased by 18% in the second half of 2025, attacks are now more sophisticated.
The use of artificial intelligence and new distribution models are redefining risk for businesses and citizens throughout Latin America. “Infostealers remain a favorite tool of cybercriminals because they allow them to steal large volumes of credentials and sensitive information silently. Although we saw a decrease in the number of detections last year, we also observed an evolution in their sophistication, with better-targeted campaigns and the use of new technologies to optimize attacks,” says David González, Cybersecurity Specialist at ESET Latin America.
Researchers at this company, a global leader in cybersecurity, analyzed the evolution of infostealers, malware designed to steal sensitive information such as passwords, banking data, and browser history. With the discontinuation of Agent Tesla, other families like Formbook and SnakeStealer have taken the lead in information theft.
This information is relevant to experts and advanced users, as well as to those with basic knowledge who are undergoing preventative education and training.
Local radar alert: the threats setting the trend in our region
According to ESET telemetry, these are the malware families with the greatest impact that users in Latin America should closely monitor:
– Formbook (Win/Formbook). This was the most frequently identified family globally at the end of 2025, accounting for 17.3% of total detections, primarily distributed through phishing campaigns.
– Lumma Stealer (Win/Spy.LummaStealer). Responsible for massive attacks, especially targeting users in Mexico, focused on stealing credentials and data stored in browsers.
– Agent Tesla (MSIL/Spy.AgentTesla). Despite a slowdown in its development, it continues to be widely distributed through malware downloaders such as CloudEyE (GuLoader).
– NGate / PhantomCard (Android/Spy.NGate). A mobile spyware threat primarily targeting the Brazilian banking ecosystem, with the ability to steal contacts and card data.
– Spy.Banker (JS/Spy.Banker). JavaScript-based Trojans that mainly affect users of financial services and have a global detection rate of approximately 9.5%.
How are these threats distributed to carry out attacks?
The main infection vectors include:
– Phishing and targeted spam, with malicious attachments that simulate invoices or orders.
– ClickFix, a social engineering technique that displays fake system errors or prompts users to activate software to make it fully functional or unlock new features in the paid version; in both cases, the goal is to convince the user to execute malicious commands.
– Malware downloaders, such as CloudEyE (GuLoader), which experienced strong growth during the second half of 2025.
– Fraudulent websites that impersonate official stores like Google Play to distribute applications.
Digital Survival Guide: What You Need to Know to Protect Your Information Today
Latin America has become a key target for cybercriminals. Don’t ignore these recommendations; they are essential tools to avoid becoming the next victim.
- Strengthen your credentials: It is vital to improve the protection of your passwords and use early threat detection methods.
- Beware of “ClickFix”: Don’t fall for fake system errors that prompt you to run malicious commands to “activate” software.
- Mobile security: Strengthen security in mobile environments and be extremely cautious with payment technologies like NFC, which are increasingly used in financial attacks.
- Verify your downloads: Avoid websites that impersonate official stores like Google Play, as they are common vectors for distributing fraudulent applications.
ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.
For other useful preventative information, also available in Venezuela: https://www.eset.com/ve/, and on their social media channels @eset_ve. Also on Instagram (@esetla) and Facebook (ESET).
With information and reference image provided by ESET and Comstat Rowland
