Pakistan

35% of Infostealer Attacks Begin with Files Opened from Temporary Folders: Kaspersky

Published by
Abdul khalique

ISLAMABAD: New research by Kaspersky Digital Footprint (DFI) has discovered that more than one-third of infostealer infections start when users run files directly from temporary browser folders, showing that user behavior remains a key factor behind credential theft. Just 32% of infostealer attacks use process injection and living off the land techniques, typical of advanced malware families.

Kaspersky DFI researchers analyzed 5 million infostealer log files discovered on the dark web in 2025. These logs, which contain data stolen from compromised devices such as account credentials, browser cookies and system metadata, also revealed the original locations of malicious files on infected machines.

The most common location was the Windows temporary directory, C:\Users\AppData\Local\Temp\, which accounted for approximately 35% of all observed cases. This folder is commonly used to store files downloaded from the internet before they are explicitly saved by a user: a significant share of infections occurs when users directly launch downloaded files, without attackers relying on sophisticated evasion techniques.

The second most common location, responsible for about 32% of cases, was C:\Windows\Microsoft.NET\Framework\. This path is associated with process injection and living-off-the-land techniques, in which malware abuses legitimate system processes to evade detection. Such behavior is commonly observed in more advanced infostealer families, including Lumma.

The analysis indicates that infections are often linked to two risky user actions: downloading software from untrusted sources and attempting to activate software illegally. In many cases, victims follow instructions provided by threat actors and disable security software before running malicious files. According to the research, many malicious files were disguised as legitimate software installers, activators or game modifications. While game mods remain a common lure, attackers frequently adapt the same techniques to distribute virtually any type of software.

“Infostealers surged in 2025, with infections rising 59% year over year. Our analysis shows that user behavior remains a key factor behind many of these compromises. The volume of infostealers executed from temporary download folders, suggests that users often launch them immediately after downloading. In many cases, attackers do not need sophisticated techniques, they simply need to convince a user to run a file,” said Sergey Shcherbel, expert at Kaspersky Digital Footprint Intelligence.

To reduce the risk of infostealer infections, Kaspersky recommends businesses to adopt a comprehensive digital risk protection service that monitors organizations’ digital assets and detects threats across the surface, deep and dark web such as Kaspersky Digital Footprint Intelligence. Provide your InfoSec professionals with an in-depth visibility into cyberthreats targeting your organization. The latest Kaspersky Threat Intelligence provides them with rich and meaningful context across the entire incident management cycle and helps them identify cyber risks in a timely manner.

To stay safe users are recommended todownload software only from official and trusted sources, avoiding pirated software, cracks, activators and unofficial installers. Use a strong security solution on all computers and mobile devices, such as Kaspersky Premium. It will warn you about potential threats and prevent infection. Manage sensitive data securely: avoid storing passwords or recovery phrases in your photo gallery or notes; instead, use a dedicated, trusted password manager such as Kaspersky Password Manager. Never disable antivirus or security tools to install software and exercise caution when downloading game mods, cheats or third-party utilities.

Abdul khalique

Recent Posts

Pakistan govt announces increase in Petrol and Diesel Prices

ISLAMABAD: The federal government has announced an increase in petroleum prices across Pakistan following a…

10 hours ago

Petrol, Diesel prices likely to increase tonight

ISLAMABAD: The government is expected to raise petroleum prices following a surge in global crude…

12 hours ago

Punjab board to establish AI labs in schools

LAHORE: Punjab’s Curriculum and Textbook Board (PCTB) has given approval for providing an artificial intelligence…

15 hours ago

KP govt announces free wifi for public

PESHAWAR: The Khyber Pakhtunkhwa (KP) government formally kicked off its ‘KP Open Wi-Fi’ project, providing…

15 hours ago

Aliza Sultan Urges Immediate Action to Protect Children Across Pakistan

Pakistani social media personality Aliza Sultan has called for urgent action to protect children from…

16 hours ago

Alert issued over commonly used antibiotic in Pakistan

LAHORE: An alert has been issued to avoid Azomax 250mg (Azithromycin) capsules, on being declared…

17 hours ago