Talk:Infostealer
Infostealer is currently a Computing and engineering good article nominee. Nominated by Sohom (talk) at 14:42, 17 August 2024 (UTC). An editor has placed this article on hold to allow improvements to be made to satisfy the good article criteria. Recommendations have been left on the review page, and editors have seven days to address these issues. Improvements made in this period will influence the reviewer's decision whether or not to list the article as a good article. Short description: Malicious software used to steal information
This article is rated B-class on Wikipedia's content assessment scale.
Readability review
Howdy! Just going to leave some suggestions for improvement, as I offered to do on Discord :) This is only for the lead and first section, as I got tired and would rather post something than nothing.
- First paragraph: "session cookies" isn't widely understood and "threat actor" is jargon
- "Infostealers usually consist of two parts: the bot framework that allows the attacker to configure the behaviour of the infostealer on the victim's computer, and a management panel that takes the form of a server to which the infostealer sends data."
  - Not sure these are great definitions for "bot framework" and "management panel"
- "Infostealers are usually distributed under the malware-as-a-service (MaaS) model, where developers allow other parties to use their infostealers for subscription fees."
  - Might want to make the distinction between the use and distribution of infostealers a bit more clear, since they both involve "sending" infostealer somewhere
- Overview question: what differentiates infostealers from malware in general?
- Does the management interface function as a web server, or operate on the same web server the infostealer sends information back to?
Hope this helps :) theleekycauldron (talk • she/her) 05:43, 4 September 2024 (UTC)
GA Review
- This review is transcluded from Talk:Infostealer/GA1. The edit link for this section can be used to add comments to the review.
Nominator: Sohom Datta (talk · contribs) 14:42, 17 August 2024 (UTC)
Reviewer: Crisco 1492 (talk · contribs) 14:33, 24 November 2024 (UTC)
Image review
- No images.
Prose review
- Article seems a bit top heavy. Any way to refine the lede a bit more?
- often for amounts as low as $10 - What currency?
- Overall, prose is very tight in the article body.
Comprehensiveness
- Article feels very ahistorical. You mention that some of the earliest infostealers were detected and researched in 2009, but there are also statements like "The management interface, usually written in traditional web development languages like PHP, HTML, and JavaScript,[2] is typically hosted on the commercial cloud infrastructure". Given that commercial cloud infrastructure has only been a thing in the past decade or so, obviously there has been a shift in typical infostealer behaviour, but one doesn't get how that happened. Is there perhaps any historical information that could be added?
- A couple things in the sources seem potentially beneficial. The fact that there are desktop interfaces, rather than web-based ones, and the lag between implementation and blacklisting both seem relevant.
- Other than that, article seems comprehensive enough.
Source review
- Sources section should be alphabetized.
- Mind the order of references. For example, you have [11][6] at one point.
- Spotcheck:
- 2a: Supported. "All analyzed panels are built with PHP, HTML, and JavaScript, and their core functionality focuses on credential theft. The panels use SQL-based databases to store information about the bots and stolen data."
- 2b: I'm not seeing this on pages 508/509
- 4b: Not fully supported. Our article says "Additionally, they are often bundled with compromised or malicious browser extensions, infected game mods, and pirated or otherwise compromised software." The source says "Malicious actors infect victims with infostealer malware using (most frequently) phishing emails, cracked and pirated software, game cheating packages, browser extensions, and cryptocurrency-related software[10, 20]." Although that supports most of the statement, "game cheating packages" is not a synonym of "game mods" (at least as one would access via Nexus and other platforms). A cheating package may also include a trainer or another memory-editing program like Cheat Engine.
- 6b: Supported
- 14a: Supported.
Conclusion
- Overall, this seems to be close to meeting the criteria. Good job! — Chris Woodrich (talk) 14:33, 24 November 2024 (UTC)
- Hi Sohom Datta, any news? If there is no movement on these issues, I will have to close this as failed. — Chris Woodrich (talk) 01:04, 5 December 2024 (UTC)
- Gimme until the end of next week, I'm at the end of my semester, so I haven't had much time to look at this. Sorry I wasn't communicative about it :( Sohom (talk) 03:06, 5 December 2024 (UTC)
- Alright, sounds good. — Chris Woodrich (talk) 03:25, 5 December 2024 (UTC)
- Hi @Crisco 1492 @Sohom Datta! Did a minor fix for Source Review to help the GAN. Alphabetized the sources and resolved the order of the references - you can strikethrough if it's all good. RFNirmala (talk) 13:00, 8 December 2024 (UTC)
- Thank you, RFNirmala. Stricken. — Chris Woodrich (talk) 13:22, 8 December 2024 (UTC)
- Hi User:Sohom Datta, have you had a chance to revisit this? — Chris Woodrich (talk) 18:45, 23 December 2024 (UTC)