• Advisory: Protecting Personal Devices from Infostealer Malware

    Information stealer(Infostealer) malware is a malicious software used by cybercriminals to unlawfully obtain victims' information, notably passwords. Per the threat researcher at the Department of Information Resources (DIR), Infostealer malware incidents are increasing, targeting personal devices and compromising sensitive data such as banking details, social media credentials, work accounts, and personal information. This poses a serious risk to both the integrity of our institution and your personal privacy.

    To mitigate this risk, it is imperative that you take immediate action to protect your personal devices. Here are some steps you should follow:

    1. Apply Pending Operating System Updates

    2. Ensure that your device's operating system is up to date by installing any pending updates. These updates often contain patches for security vulnerabilities that malware exploits to infiltrate devices. Set your devices to automatically update if possible, and regularly check for updates manually.

    3. Perform Antivirus Scans

    4. Run a full antivirus scan on your personal devices using reliable software such as Microsoft Defender. This will help detect and remove any Infostealer malware that may already be present on your device. Make sure your antivirus definitions are also up to date to effectively identify the latest threats.

    5. In the event that malware is detected and removed from the system, it is advised that affected users change their passwords for all credentials and accounts stored on the compromised system. All session cookies/tokens should also be revoked since the malware can also steal cookies/tokens to stay logged in and bypass two-factor authentication (2FA). 

    6. Exercise Caution Online

    7. Be vigilant while browsing the internet, opening emails, or downloading files. Avoid clicking on suspicious links or downloading attachments from unknown sources. Infostealer malware often infiltrates devices through phishing emails or malicious websites.

    8. Secure Your Accounts

    9. Enable two-factor authentication (2FA) on all your accounts whenever possible. This adds an extra layer of security and makes it more difficult for attackers to gain unauthorized access to your accounts, even if they have obtained your credentials through malware.

    10. Backup Your Data

    11. Regularly back up important files and documents to a secure location such as an external hard drive or cloud storage. In the event that your device is compromised by malware, having backups will allow you to restore your data without losing valuable information.

    Please prioritize the implementation of these measures to safeguard both your personal information and the security of the Plano ISD. Infostealer malware poses a serious threat that requires immediate attention and proactive steps to mitigate its impact.