In 2025, infostealer malware infected over 11 million devices and exposed 3.3 billion credentials, browser artifacts, session tokens, and system metadata. Sold as malware-as-a-service for as little as $60 a month, strains like Vidar and Lumma use sandbox detection and obfuscation to evade defenses, harvesting passwords, cookies, crypto keys, and more. Attackers then resell the data or use the stolen credentials to gain undetected access and deploy ransomware.