In a significant escalation of cyber risk for global enterprises, weekly infostealer attacks delivered through phishing email campaigns have surged by 84% year-over-year, according to recent X-Force security intelligence.
This sharp rise is reshaping the threat landscape, driven by adversaries who are rapidly adopting generative AI, cloud infrastructure, and advanced obfuscation tactics to distribute malware and harvest sensitive credentials on an unprecedented scale.
Phishing, already entrenched as a leading initial access vector, is now being leveraged as a ‘shadow infection vector’ for valid account compromise.
Corporate users who inadvertently click on persuasive links in phishing emails are exposing themselves to infostealer malware capable of capturing credentials, financial information, and intellectual property.
This trend is particularly acute in industries with legacy infrastructure: manufacturing remains the most targeted sector for the fourth consecutive year, suffering the highest rates of ransomware, extortion, and data theft.
Cloud-Hosted Phishing and Obfuscation on the Rise
A notable development in the current threat landscape is the migration of phishing operations to public cloud hosting services.
Attackers exploit trusted domains from well-known providers to lend credibility to malicious URLs embedded in emails and PDFs, file types that have become the most common vectors for malware delivery.
Regions such as Latin America (LATAM) and Asia-Pacific (APAC) are acutely affected: LATAM, in particular, has seen a marked increase in attacks leveraging cloud services to distribute banking trojans and credential harvesting malware, while APAC’s strategic role in global supply chains has driven a 13% increase in attacks.
PDF obfuscation is a favored tactic: nearly half of all malicious PDFs use techniques such as encryption, hex encoding, or compressed streams to conceal URLs, frustrating both automated security tools and human analysts.
The overwhelming ubiquity of URLs and PDFs in business communication creates challenges for defenders, as indiscriminate blocking would disrupt legitimate operations.
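The hex encoding and compressed streams mentioned above can be unwrapped before URL inspection rather than blocking PDFs outright. The following Python sketch is an added example, not code from X-Force or IBM; the function names, layer labels, and the sample document with its `example.test` URLs are constructed for illustration.

```python
import re
import zlib

# Conservative ASCII URL matcher; stops at PDF delimiters such as ')' and '>'.
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#@!$&*+,;=%-]+")
# Stream body; the lookbehind keeps 'endstream' from matching as a start.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.S)
# PDF hex string <48 65 ...>; '<<' dictionaries do not match.
HEX_RE = re.compile(rb"<([0-9A-Fa-f\s]{8,})>")

def inflate_streams(data: bytes) -> list:
    out = []
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the trailing EOL before 'endstream'
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate-compressed, or encrypted
    return out

def scan_pdf(data: bytes):
    """Return ({url: {layers it was found behind}}, encrypted_flag)."""
    hits = {}
    layers = [("body", data)]
    layers += [("flate-stream", s) for s in inflate_streams(data)]
    for layer, buf in layers:
        for url in URL_RE.findall(buf):
            hits.setdefault(url.decode(), set()).add(layer)
        for m in HEX_RE.finditer(buf):
            digits = re.sub(rb"\s+", b"", m.group(1))
            if len(digits) % 2:
                digits += b"0"  # PDF pads an odd final digit with 0
            for url in URL_RE.findall(bytes.fromhex(digits.decode())):
                hits.setdefault(url.decode(), set()).add(layer + "+hex")
    # An /Encrypt entry means strings and streams need decrypting first,
    # so an empty result on such a file is not a clean verdict.
    return hits, b"/Encrypt" in data

def build_sample() -> bytes:
    """Constructed sample: one clear, one hex-encoded, one compressed URL."""
    hidden = b"<< /S /URI /URI (https://stream.example.test/login) >>"
    hexuri = b"https://hex.example.test/a".hex().upper().encode()
    return (b"%PDF-1.7\n"
            b"1 0 obj << /S /URI /URI (https://plain.example.test/doc) >> endobj\n"
            b"2 0 obj << /S /URI /URI <" + hexuri + b"> >> endobj\n"
            b"3 0 obj << /Filter /FlateDecode >>\nstream\n"
            + zlib.compress(hidden) + b"\nendstream endobj\n"
            b"trailer << /Root 1 0 R >>\n%%EOF\n")
```

URLs that only appear behind a `+hex` or `flate-stream` layer can then be sent to the same reputation checks as cleartext links, and encrypted files routed to manual review.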
AI-Powered Phishing and Infostealer-as-a-Service
Cybercriminals are increasingly turning to generative AI to scale their operations. Tactics now include the automated generation of convincing phishing emails, realistic deepfakes, and even custom malware code.
AI-driven phishing campaigns have lowered entry barriers for less sophisticated threat actors and enabled a dramatic increase in both campaign volume and sophistication.
Infostealer malware, often sold as malware-as-a-service (MaaS) on dark web forums, allows attackers to quickly exfiltrate credentials for subsequent identity-based intrusions without maintaining a persistent backdoor, complicating detection and attribution efforts for cyber defenders.
IBM analysis of dark web markets reflects these trends, with listings for infostealer credentials up 12% year-over-year.
Popular strains like Lumma, RisePro, and RedLine are traded in bulk, fueling follow-on attacks that use valid credentials to bypass traditional defenses such as MFA, which is often defeated through adversary-in-the-middle (AITM) phishing kits now widely available to criminal actors.
The rapid evolution of infostealer delivery and credential phishing is reshaping enterprise security priorities.
While improved endpoint detection and response (EDR) solutions have reduced traditional backdoor infections, adversaries’ focus on stealing identities, especially through phishing, means organizations are increasingly vulnerable to deeply embedded, long-dwell attacks.
Security experts urge companies to embrace layered defenses: deploying AI-enabled threat detection, implementing robust multi-factor authentication, and consolidating identity management systems to reduce attack surfaces.
Above all, ongoing employee education on phishing risks and the integration of threat intelligence into daily security operations are deemed critical.
As attackers’ adoption of cloud infrastructure and AI accelerates, so too must defensive strategies.
Only with agile, intelligence-led cyber risk management and a proactive, ecosystem-wide approach can enterprises keep pace with the exponential growth in phishing-based infostealer attacks.