Jump to content

Talk:Infostealer

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

Readability review

[edit]

Howdy! Just going to leave some suggestions for improvement, as I offered to do on discord :) this is only for the lead and first section, as i got tired and would rather post something than nothing.

  • First paragraph: "session cookies" isn't widely understood and "threat actor" is jargon
  • Infostealers usually consist of two parts: the bot framework that allows the attacker to configure the behaviour of the infostealer on the victim's computer, and a management panel that takes the form of a server to which the infostealer sends data. Not sure these are great definitions for "bot framework" and "management panel"
  • Infostealers are usually distributed under the malware-as-a-service (MaaS) model, where developers allow other parties to use their infostealers for subscription fees. Might want to make the distinction between the use and distribution of infostealers a bit more clear, since they both involve "sending" infostealer somewhere
  • Overview question: what differentiates infostealers from malware in general?
  • Does the management interface function as a web server, or operate on the same web server the infostealer sends information back to?

Hope this helps :) theleekycauldron (talk • she/her) 05:43, 4 September 2024 (UTC)[reply]

GA Review

[edit]
GA toolbox
Reviewing
This review is transcluded from Talk:Infostealer/GA1. The edit link for this section can be used to add comments to the review.

Nominator: Sohom Datta (talk · contribs) 14:42, 17 August 2024 (UTC)[reply]

Reviewer: Crisco 1492 (talk · contribs) 14:33, 24 November 2024 (UTC)[reply]


Image review

[edit]
  • No images.

Prose review

[edit]
  • Article seems a bit top heavy. Any way to refine the lede a bit more?
  • often for amounts as low as $10 - What currency?
  • Overall, prose is very tight in the article body.

Comprehensiveness

[edit]
  • Article feels very ahistorical. You mention that some of the earliest infostealers were detected and researched in 2009, but there are also statements like "The management interface, usually written in traditional web development languages like PHP, HTML, and JavaScript,[2] is typically hosted on the commercial cloud infrastructure". Given that commercial cloud infrastructure has only been a thing in the past decade or so, obviously there has been a shift in typical infostealer behaviour, but one doesn't get how that happened. Is there perhaps any historical information that could be added?
  • A couple things in the sources seem potentially beneficial. The fact that there are desktop interfaces, rather than web-based ones, and the lag between implementation and blacklisting both seem relevant.
  • Other than that, article seems comprehensive enough.

Source review

[edit]
  • Sources section should be alphabetized.
  • Mind the order of references. For example, you have [11][6] at one point.
  • Spotcheck:
  • 2a: Supported. "All analyzed panels are built with PHP, HTML, and JavaScript, and their core functionality focuses on credential theft. The panels use SQL-based databases to store information about the bots and stolen data."
  • 2b: I'm not seeing this on pages 508/509
  • 4b: Not fully supported. Our article says "Additionally, they are often bundled with compromised or malicious browser extensions, infected game mods, and pirated or otherwise compromised software." The source says "Malicious actors infect victims with infostealer malware using (most frequently) phishing emails, cracked and pirated software, game cheating packages, browser extensions, and cryptocurrencyrelated software[10, 20]." Although that supports most of the statement, "game cheating packages" is not a synonym of "game mods" (at least as one would access via Nexus and other platforms). A cheating package may also include a trainer or another memory-editing program like Cheat Engine.
  • 6b: Supported
  • 14a: Supported.

Conclusion

[edit]