The National Cybersecurity Center (CNCS) warned of the growing threat of infostealerswhich steal sensitive data, and called for the implementation of preventive measures, according to a statement released this Tuesday, November 4th.
“In 2025, around 80% of the malicious code detected by CERT.PT was of the type infostealer – a threat that collects sensitive data on computer devices, such as access credentials to personal or professional accounts, data stored in browsers, or emails and other documents”he highlighted, on the same note.
According to the CNCS, these infostealers represent “particular challenges”, since their use “reduces the initial cost of intrusion into digital infrastructures and calls into question good protection practices, such as the use of strong passwords”.
Like this, “and because it is a growing problem” which implies reinforcement of security measures, the CNCS made available on its website “information that includes the characterization of the most frequent attack vectors, the ways in which this type of program collects data and best practice recommendations for organizations and individuals”.
“All public and private entities, in particular those that facilitate remote access to their networks and information systems, need to be aware of the risks associated with infostealers and protect yourself against this threat that potentiates other cyberattacks with greater impact on networks and information systems”he highlighted.
If identified, the entity said, “It is important to highlight that entities should not limit themselves to forcing the change of captured passwords, as electronic devices may still be infected with the infostealer”.
The CNCS pointed out techniques such as phishingtechniques for optimizing results in search engines, advertising content, programs and games, publications on social networks and others as drivers for the installation of ‘infostealers’.
The organization made several recommendations to entities and individuals, such as “use or browser in incognito mode by default, automatically remove cookies e tokens periodically, limit autofill functions and avoid saving account access credentials in the browser”.
He further suggested “do not click links suspects, windows pop-up or download files or software from internet pages of unknown or dubious origin.”as well as “do not store professional account credentials in a personal password manager” and use multi-factor authentication, among others, available on site of the entity.