Open-Sourced Infostealers About to Fuel New Wave of Computer Infections

A potential shift in Infostealers might be happening again. Traditionally, teams of cybercriminals develop an Infostealer family (variant) such as Redline, Lumma, Raccoon, etc., and rent the capabilities of that variant to other cybercriminals, typically costing a few hundred dollars per month. However, a new trend is emerging that could significantly alter the landscape of cyber threats: the rise of open-source Infostealers.

Recently, open-source Infostealers began popping up, with new families like SapphireStealer and, just this week, ThunderKitty. This development could lower the barrier of entry for amateur hackers, allowing them to access sophisticated tools without the upfront costs traditionally associated with such capabilities.

A recently developed open-source Infostealer family named “ThunderKitty” (h/t

While the developers of these open-source Infostealers ask users to use them for “educational purposes only”, infections are already happening in the wild.

ThunderKitty’s Telegram messages showing the developer complaining about their open-source Infostealer being used to infect people, safe to say they knew it will happen

Side note — “use for educational purposes only” is a considered a meme in hacking communities from times hackers advertised botnet infrastructure they rented out, DDoS services, or “Crypters” for botnets, and would ask users to refrain using their services for black hat purposes (many of them ended up being arrested nonetheless).

The Traditional Model: Rent-a-Malware

In the established model, cybercriminal teams create and maintain Infostealer variants. These malware families are then rented out to other malicious actors who use them to infect computers and steal sensitive information. This model ensures that only those who can afford the monthly rental fees can access these powerful tools, maintaining a level of exclusivity and control.

Poseidon MacOS Infostealer being advertised for $3000 per month

The Open-Source Revolution

The introduction of open-source Infostealers changes this dynamic. By making the source code freely available, the developers of these malware families democratize access to these tools. This move could have several significant implications:

  1. Lowered Barrier of Entry: Aspiring cybercriminals who might not have the financial resources to rent a sophisticated Infostealer can now access similar capabilities for free. This democratization of access could lead to a surge in the number of amateur hackers entering the scene.
  2. Increased Innovation and Adaptation: Open-source projects benefit from the collective input of a broader community. If maintained properly, these Infostealers can evolve rapidly, with new features and capabilities being added regularly. This constant improvement could make them even more dangerous than their traditionally rented counterparts.
  3. Proliferation of Infections: As more individuals gain access to powerful Infostealers, the number of infections is likely to rise. Amateur hackers, eager to make a name for themselves or earn quick profits, may launch widespread attacks, contributing to the growing trend of Infostealer infections.

The Future of Cyber Threats

The shift towards open-source Infostealers could lead to a more diverse and unpredictable threat landscape. While traditional Infostealer families are typically well-documented and understood by cybersecurity professionals, the rapid evolution of open-source variants could make it challenging to keep up with new threats.

Moreover, the influx of amateur hackers using these tools could result in a chaotic environment where attacks are more frequent and varied. Cybersecurity defenses will need to adapt quickly to this new reality, developing innovative strategies to detect and mitigate the threats posed by these open-source Infostealers.


The rise of open-source Infostealers represents a significant shift in the world of cyber threats. By lowering the barrier of entry and fostering rapid innovation, these tools could fuel a new wave of computer infections, posing challenges for cybersecurity professionals and increasing the overall risk to businesses and individuals. As this trend continues to evolve, staying informed and vigilant will be crucial in combating the ever-growing threat of Infostealers.

To learn more about how Hudson Rock protects companies from imminent intrusions caused by Infostealer infections of employees, partners, and users, as well as how we enrich existing cybersecurity solutions with our cybercrime intelligence API, please schedule a call with us, here:

We also provide access to various free cybercrime intelligence tools that you can find here:

Thanks for reading, Rock Hudson Rock!

Follow us on LinkedIn:

Follow us on Twitter:

Don’t Stop Here

More To Explore

favicon__1_ removebg-png


Stay informed with the latest insights in our Infostealers weekly report.

Receive immediate notification if your email is involved in an infostealer infection.

No Spam, We Promise

favicon__1_ removebg-png


Stay informed with the latest insights in our Infostealers weekly report.

Receive immediate notification if your email is involved in an infostealer infection.

No Spam, We Promise