Michał GLET

Military University of Technology, Poland

https://doi.org/10.5171/2025.4648425

Abstract

The growing prevalence of infostealer malware poses a significant threat to both individual users and organizations, leading to the theft of login credentials, cryptocurrency wallets, multi-factor authentication tokens, browsing history, and other sensitive data. Despite the widespread use of the Windows Data Protection API (DPAPI) to secure data at rest, recent attacks demonstrate that this mechanism can be circumvented when malware operates within the same user context. The existing literature lacks a comprehensive analysis of how modern infostealer families exploit DPAPI and of the effectiveness of detection strategies against such threats. This study addresses this gap by systematically analyzing the behavior of selected infostealer malware—Vidar Stealer, Raccoon Stealer, RedLine Stealer, Aurora Stealer, and Lumma Stealer. The research focuses on their methods of abusing DPAPI to extract sensitive information from web browsers and credential stores. The findings reveal common techniques employed by these malware families and highlight the limitations of current data protection approaches. Based on the results, the study proposes research objectives to develop detection mechanisms capable of identifying both known and novel infostealer variants, and to evaluate alternative, more secure methods for protecting sensitive data at rest on Windows systems.

Keywords: Infostealer, Windows Data Protection API, DPAPI, CryptProtectData, CryptUnprotectData