New Cyber Threat: REMUS Infostealer Steals Data With Session Tokens

Cybercriminals are becoming increasingly sophisticated in stealing sensitive information. A new threat called REMUS Infostealer no longer solely focuses on cracking passwords. This type of malware has evolved and now primarily targets obtaining 'session tokens.' These are the digital keys your browser uses to keep you logged into websites, such as your bank, webmail, or social media.

Why are session tokens so valuable? If a criminal gets hold of such a token, they don't even need to know your password. They can simply take over your active session and thus gain access to your accounts. This is much more advanced and harder to detect than traditional password theft. Furthermore, REMUS is offered as a service (MaaS - Malware as a Service), meaning even less technical criminals can use this tool to carry out attacks.

What does this mean specifically for SMB companies? Your employees use various online services daily. If their browser becomes infected with REMUS, their session tokens can be stolen. This can lead to business systems being paralyzed, theft of confidential information, or financial fraud. The tendency to be 'always logged in' on important business platforms poses a particular risk.

What can you do? Ensure up-to-date security software on all devices. Train your employees to recognize and avoid suspicious links and downloads. Enable two-factor authentication (2FA) wherever possible. Limit the duration for which sessions remain active and teach employees to actively log out after use, especially on shared or public computers. Stay vigilant, as this threat evolves rapidly.