During the first months of the year, Spain has experienced a notable increase in infostealer distribution campaigns, one of the most active and dangerous cybersecurity threats today. This is the warning issued by ESET Spain’s laboratory, which has detected sustained growth in the use of this type of malware, targeting both individual users and companies.
Infostealers are malicious programs designed to steal sensitive data, such as passwords, access credentials, activity logs, and even screenshots or clipboard content. Cybercriminals distribute them using techniques like social engineering, phishing, and fraudulent emails, posing as well-known companies such as Iberdrola, Correos, DHL, Banco Santander, or even official institutions like the College of Property Registrars.
According to Josep Albors, ESET Spain’s director of research and awareness, "Spain has consolidated itself as one of the main targets of cybercrime globally." In fact, according to the latest Threat Report from the company, Spain was the third country with the highest threat detections in 2024, accounting for a concerning 9% of the global total. In this scenario, phishing continues to be the main attack vector, used as a gateway to install infostealers.
Increasingly Sophisticated Campaigns
ESET experts have identified common patterns in these campaigns: attackers send emails that mimic routine notifications, such as pending invoices, package shipments, or bank documents. These emails contain compressed files with disguised executables that start the infection process once the user opens them.
Among the infostealers detected in circulation are VIP Keylogger, Agent Tesla, Snake Keylogger, and the emerging Lumma Stealer, the latter showing a 369% increase in detections in the second half of 2024. Once installed, these programs extract information directly from the infected system and send it to cybercriminals via compromised servers or through Telegram bots, automating the data exfiltration process.
In many cases, campaigns are distributed from previously compromised corporate email accounts, which increases their credibility to recipients and complicates detection by traditional filters.
A Threat That Can Be Prevented
Despite their danger, such threats are not invincible. ESET, a leading cybersecurity company, reminds us that prevention and training are key to minimizing risk. Among the company’s main recommendations are:
- Be wary of unsolicited emails, especially if they include compressed attachments or suspicious extensions.
- Verify the sender and the message headers, without relying solely on the email’s design or external appearance.
- Avoid executing files with double extensions or unclear names.
- Train employees, especially in sensitive areas like the finance department, to detect impersonation or deception attempts.
- Use advanced security solutions that detect and block threats in real time.
- Change passwords regularly and enable multi-factor authentication on all important access points.
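
The advice on compressed attachments and double extensions can be automated as a triage step before a user ever opens the file. The following Python code is an added example, not ESET's tooling; the extension lists, function names and sample archive are assumptions constructed for illustration, and only member names are inspected (nothing is extracted or executed).

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed policy lists for this example; adjust to your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def triage_name(name):
    """Return the reasons a single file name looks like a disguised executable."""
    path = PurePosixPath(name.replace("\\", "/"))
    suffixes = [s.lower() for s in path.suffixes]
    reasons = []
    if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
        reasons.append("executable")
        # "invoice.pdf.exe": a document extension placed just before the real one
        if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
            reasons.append("double-extension")
    return reasons

def triage_zip(data):
    """Map member name -> reasons for each flagged member of a ZIP given as bytes."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()  # reads the directory only, no extraction
    except zipfile.BadZipFile:
        # An attachment that claims to be a ZIP but cannot be parsed needs manual review
        return {"<archive>": ["unreadable-zip"]}
    findings = {}
    for name in names:
        reasons = triage_name(name)
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed sample archive: harmless placeholder bytes under invented names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Factura_pendiente.pdf.exe", b"placeholder, not a program")
        zf.writestr("docs/condiciones.pdf", b"placeholder")
        zf.writestr("envio.scr", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for member, reasons in triage_zip(build_sample()).items():
        print(f"{member}: {', '.join(reasons)}")
```
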
“The active campaigns in 2025 demonstrate that cybercrime continues to yield results, despite using well-known techniques. Therefore, awareness, prevention, and active protection remain the pillars for safeguarding both users and companies against these silent yet highly effective threats,” concludes Albors.
With an increasingly digitized and connected landscape, infostealers are becoming one of the preferred weapons of cybercrime for profit through information theft. The response must be constant and coordinated, based on a cybersecurity culture that involves all of society.