(ABC 6 News) – Be careful what you search for and be extra careful when clicking on website links, even those that you find my searching Google or another search engine.

Infostealer, which has been around for a little while, is responsible for stealing over 2 billion
credentials in malware attacks. While you probably know it’s never wise to click on suspicious
links in emails you aren’t expecting, cyber security experts warn that Infostealer is using fake
websites to find victims.

This dangerous software silently harvests your sensitive data, potentially leading to identity
theft, financial fraud, and more.

Cybercriminals are masters of exploiting our desire for free and easy solutions. They target
specific search terms and behaviors, including:

1. Free Software and Tools: Searches for “free PDF converter,” “free video editor,” or
   similar terms often lead to compromised websites.
2. Cracked Software: The allure of getting expensive software for free makes searches for
   “cracked” or “pirated” versions particularly dangerous.
3. Game Cheats and Hacks: Gamers searching for ways to get ahead might stumble upon
   malicious downloads disguised as helpful tools.
4. Activation Tools and Key Generators: These searches, often for software activation,
   are prime targets for infostealer distribution.

Once you’ve entered these risky search terms, cybercriminals use several tactics to get you to
their malicious sites:

1. Search Engine Ads: Using compromised advertising accounts, attackers create
   convincing ads that appear at the top of search results. These ads often mimic legitimate
   software providers or download sites.
2. SEO Manipulation: By optimizing their malicious sites for popular search terms,
   attackers ensure their links appear high in organic search results.
3. Social Media and Forum Posts: Fake accounts on platforms like YouTube or Reddit
   share links to “free downloads” or “exclusive cheats,” leading users to
   infostealer-infected files.
4. Typosquatting: Attackers create websites with URLs very similar to legitimate sites,
   hoping users will mistype the address and land on their malicious page instead.

Once Infostealer infiltrates your system, it can:

● Steal saved passwords from your browsers
● Capture credit card information and banking details
● Harvest cryptocurrency wallet data
● Collect personal information for identity theft
● Enable further malware infections or ransomware attacks

While the threat is real, you can significantly reduce your risk by following these guidelines:

1. Use Reputable Sources: Only download software from official websites or well-known,
   trusted platforms.
2. Be Wary of “Too Good to Be True” Offers: Free versions of expensive software or
   miracle game cheats are often malware in disguise.
3. Install a Robust Antivirus: Keep your antivirus software updated and run regular
   scans.
4. Enable Ad Blockers: This can help prevent malicious ads from appearing in your
   search results.
5. Double-Check URLs: Ensure you’re on the correct website, especially when entering
   sensitive information.
6. Use Multi-Factor Authentication: This adds an extra layer of security to your accounts,
   even if passwords are compromised.
7. Keep Software Updated: Regular updates patch vulnerabilities that attackers might
   exploit.
8. Educate Yourself: Stay informed about the latest cybersecurity threats and tactics.

You might also want to visit www.haveibeenpwned.com. This website searches for email
addresses and passwords that have been included in data breaches.

Don’t be alarmed if you see your email address in the results. Most of us have had our
addresses included in a breach, but pay close attention to any passwords that show up in the
search results.

If a current password shows up in the breach it’s critical that you change it on any account that
uses it.