Cybercriminals Shift From Fake Login Pages to Infostealer Malware in Phishing Attacks

The report warns that cybercriminals are increasingly replacing fake login-page phishing with infostealer malware that covertly harvests passwords, session cookies, autofill data, crypto-wallets and files — enabling MFA bypass and large-scale account takeovers. It attributes this trend to the rise of malware-as-a-service and affiliate-driven distribution through malvertising, fake updates, pirated software, shady extensions, and ClickFix social-engineering tactics, and recommends basic hygiene: avoid pirated downloads and unknown commands, skip sponsored ads, and verify sources before clicking.