Thursday, July 9, 2026
  • About
  • Advertise
  • Careers
  • Contact
NewsTrendsKE
  • Business
    • Deals
  • OpEds
  • Sustainability
  • Women in Business
  • Lifestyle
  • Featured
  • Technology
    • Phones
  • Sports
  • World
  • Contact Us
No Result
View All Result
NewsTrendsKE
No Result
View All Result

Home » Technology » Kaspersky: 35% of infostealer infections begin with users running files directly from temporary folders

Kaspersky: 35% of infostealer infections begin with users running files directly from temporary folders

Queen Amber by Queen Amber
3 weeks ago
in Technology
Reading Time: 4 mins read
A A
NewsTrendsKE with APO News Updates
Share on FacebookShare on TwitterShare on WhatsApp
Kaspersky

New research by Kaspersky Digital Footprint (DFI) (www.Kaspersky.co.za) has discovered that more than one-third of infostealer infections start when users run files directly from temporary browser folders, showing that user behaviour remains a key factor behind credential theft. Just 32% of infostealer attacks use process injection and living‑off‑the‑land techniques — behaviour typical of advanced malware families. 

Also Read

Dr. Shannon Shibata Germanos, Head of Global Health at Proximie, Patricia Ithau,M-PESA Foundation Trustee, Dr. Michael Mwachiro, President of the Surgical Society of Kenya and Peter Mwarogo, Kilifi County Executive Committee Member for Health and Sanitation Services during the Digital Operating Room launch at Kilifi County Referral Hospital.

M-Pesa Foundation & Proximie to advance neonatal health through tele-surgery

9 July 2026
KAPTAGAT INTEGRATION CONSERVATION

President Ruto To Headline 10th Kaptagat Integration Conservation Climax This Saturday

9 July 2026
Load More

Kaspersky DFI researchers analysed 5 million infostealer log files discovered on the dark web in 2025. These logs, which contain data stolen from compromised devices such as account credentials, browser cookies and system metadata, also revealed the original locations of malicious files on infected machines. 

The most common location was the Windows temporary directory, C:UsersAppDataLocalTemp, which accounted for approximately 35% of all observed cases. This folder is commonly used to store files downloaded from the Internet before they are explicitly saved by a user: a significant share of infections occurs when users directly launch downloaded files, without attackers relying on sophisticated evasion techniques.  

The second most common location, responsible for about 32% of cases, was C:WindowsMicrosoft.NETFramework. This path is associated with process injection and living-off-the-land techniques, in which malware abuses legitimate system processes to evade detection. Such behaviour is commonly observed in more advanced infostealer families, including Lumma (https://apo-opa.co/4efwnHn). 

The analysis indicates that infections are often linked to two risky user actions: downloading software from untrusted sources and attempting to activate software illegally. In many cases, victims follow instructions provided by threat actors and disable security software before running malicious files. According to the research, many malicious files were disguised as legitimate software installers, activators or game modifications. While game mods remain a common lure, attackers frequently adapt the same techniques to distribute virtually any type of software.  

“Infostealers surged (https://apo-opa.co/4oxo3pT) in 2025, with infections rising 59% year over year. Our analysis shows that user behaviour remains a key factor behind many of these compromises. The volume of infostealers executed from temporary download folders suggests that users often launch them immediately after downloading. In many cases, attackers do not need sophisticated techniques, they simply need to convince a user to run a file,” said Sergey Shcherbel, expert at Kaspersky Digital Footprint Intelligence.  

Beyond behavioural traits, distinct naming patterns were also observed across infostealer families. Lumma tends to favour generic installer names, .NET obfuscation and process injection. Vidar, in turn, typically appears as Bootstrapper.exe variants relying on conventional loaders. Stealc follows a mixed strategy, using both meaningful names like Licence_Version_Loader.exe and randomly generated filenames. RisePro, by contrast, stands out through recurring conventions such as MPGPH.exe and MSIUpdater.exe. 

The full report is available here (https://apo-opa.co/4xE67OE). 

To reduce the risk of infostealer infections, Kaspersky recommends businesses do the following: 

  • Adopt a comprehensive digital risk protection service that monitors organisations’ digital assets and detects threats across the surface, deep and dark web such as Kaspersky Digital Footprint Intelligence (https://DFI.Kaspersky.com/). 
  • ​Provide your InfoSec professionals with an in-depth visibility into cyberthreats targeting your organisation. The latest Kaspersky Threat Intelligence (https://apo-opa.co/3SML38o) provides them with rich and meaningful context across the entire incident management cycle and helps them identify cyber risks in a timely manner. 

To stay safe users are recommended to: 

  • Download software only from official and trusted sources, avoiding pirated software, cracks, activators and unofficial installers. 
  • Use a strong security solution on all computers and mobile devices, such as Kaspersky Premium (https://apo-opa.co/4vUrWrA). It will warn you about potential threats and prevent infection. 
  • Manage sensitive data securely: avoid storing passwords or recovery phrases in your photo gallery or notes; instead, use a dedicated, trusted password manager such as Kaspersky Password Manager (https://apo-opa.co/4vSYt0Y). 
  • Never disable antivirus or security tools to install software and exercise caution when downloading game mods, cheats or third-party utilities. 
  • Keep operating systems and applications updated, use strong, unique passwords and enable multi-factor authentication wherever possible. 

Distributed by APO Group on behalf of Kaspersky.

For further information please contact:
Nicole Allman
nicole@inkandco.co.za

Follow us:
Facebook: https://apo-opa.co/4fRBlvi
X: https://apo-opa.co/4oz3aL7
YouTube: https://apo-opa.co/4oAEvpq
Instagram: https://apo-opa.co/4oyNure
Blog: https://apo-opa.co/4vfetKK

About Kaspersky: 
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Innovating the industry with a Cyber Immunity approach, Kaspersky safeguards consumers, businesses, critical infrastructure, and governments from cyberthreats, with over a billion devices protected to date. Kaspersky ensures Cybersecurity True to Business, focusing on providing clear outcomes, protecting revenue, easing workloads and preventing downtime. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services for organizations of every size, from small businesses to large enterprises, combining proven AI-driven protection technologies with simple management and expert support. Recognized in independent tests and trusted by millions of individuals worldwide and nearly 200,000 organizations, Kaspersky helps detect threats earlier, respond faster and operate with greater confidence and freedom, protecting what matters most to our clients. Learn more at www.Kaspersky.co.za. 

Media files
Kaspersky
Download logo
Previous Post

Society of Petroleum Engineers (SPE) Africa and African Energy Chamber (AEC) Sign Strategic Agreement to Advance Technical Excellence Across Africa’s Energy Sector

Next Post

Stanbic Bank Kenya, Simba Corporation Launch 100% Asset Financing to Ease Business Cost Pressures

Related Posts

Dr. Shannon Shibata Germanos, Head of Global Health at Proximie, Patricia Ithau,M-PESA Foundation Trustee, Dr. Michael Mwachiro, President of the Surgical Society of Kenya and Peter Mwarogo, Kilifi County Executive Committee Member for Health and Sanitation Services during the Digital Operating Room launch at Kilifi County Referral Hospital.
Health

M-Pesa Foundation & Proximie to advance neonatal health through tele-surgery

9 July 2026
KAPTAGAT INTEGRATION CONSERVATION
Sustainability

President Ruto To Headline 10th Kaptagat Integration Conservation Climax This Saturday

9 July 2026
KCB, Mastercard Roll Out New Islamic Finance Payment Solution in Kenya
Technology

KCB, Mastercard Roll Out New Islamic Finance Payment Solution in Kenya

8 July 2026
NewsTrendsKE with APO News Updates
APO News

Gold Fields’ Benford Mokoatle to Shape Gold Investment Agenda at African Mining Week

8 July 2026
Kenya seal

Kenya’s Public Seal Custody Moves from Attorney General to Head of Public Service

21 May 2025
KCB, Mastercard Roll Out New Islamic Finance Payment Solution in Kenya

KCB, Mastercard Roll Out New Islamic Finance Payment Solution in Kenya

8 July 2026
William Ruto

President William Ruto has signed the landmark Sovereign Wealth Fund Bill, 2026 into law

8 July 2026

KCSE 2025 KNEC Results Online-Only Access

9 January 2026
Close-up Portrait of Software Engineer Working on Computer, Line of Code Reflecting in Glasses. Developer Working on Innovative e-Commerce Application using Big Data Concept

How Kenya’s fintech ecosystem is driving Africa-leading shareholder returns

7 July 2026
NewsTrendsKE with APO News Updates

Africa Finance Corporation Returns to Global Capital Markets with US$500 Million Eurobond, Achieving Record-Tight Pricing and Central Bank Participation

2 July 2026
NewsTrendsKE

NewsTrendsKE

A News Blog For Readers Who Want More

Follow us on social media:

  • About
  • Advertise
  • Careers
  • Contact

©2026 NewsTrendsKE.

No Result
View All Result
  • Business
    • Deals
  • OpEds
  • Sustainability
  • Women in Business
  • Lifestyle
  • Featured
  • Technology
    • Phones
  • Sports
  • World
  • Contact Us

©2026 NewsTrendsKE.

Go to mobile version