Ransomware gets the headlines, but in 2026 the malware quietly doing the most damage to Irish small businesses is the infostealer. Lumma, RedLine, and their successors do not encrypt anything. They harvest saved passwords, session cookies, and crypto wallets, then sell the bundle on. The first sign of trouble is often someone else logging in as you.
How They Get In
The usual routes are cracked software, fake browser updates, malicious ads, and phishing attachments. One click on a poisoned installer and the stealer runs once, exfiltrates everything in the browser, and deletes itself. The whole thing takes seconds.
Why Cookies Beat Passwords
A stolen password can be stopped by multi-factor authentication. A stolen session cookie often cannot, because it represents an already authenticated session. Attackers replay the cookie and walk straight past your MFA. That is why infostealers are so effective against otherwise well-defended accounts.
The Irish SME Angle
Small firms lean heavily on shared logins, personal devices, and SaaS tools with no central control. One compromised laptop can expose the company Microsoft 365 tenant, the accounting platform, and the customer database all at once.
Defending Against Them
Block known stealer infrastructure at the DNS layer. Enforce phishing-resistant MFA and shorten session lifetimes. Ban cracked software with policy and technical controls. Roll out endpoint detection that flags credential access behaviour. Most importantly, treat any stealer infection as a full credential reset, not a quick clean-up.
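To make the session lifetime point concrete, here is an added example (not from the author or any product) that reviews a web access log for sessions that outlive a lifetime limit or reappear from a different client than the one that signed in. It goes slightly beyond the article by also comparing client context; the record layout, the 8 hour limit, and every name in it are assumptions, and the log lines are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_SESSION_AGE = timedelta(hours=8)  # assumed policy value, not from the article

@dataclass(frozen=True)
class Request:
    ts: datetime
    session_id: str
    user: str
    ip: str
    user_agent: str

def review_sessions(requests, max_age=MAX_SESSION_AGE):
    """Return (session_id, reason, request) for every request that should
    have been forced back through sign-in instead of trusted on the cookie."""
    first_seen = {}  # session_id -> request where the session first appeared
    findings = []
    for req in sorted(requests, key=lambda r: r.ts):
        origin = first_seen.setdefault(req.session_id, req)
        if req.ts - origin.ts > max_age:
            # A short lifetime caps how long a stolen cookie stays useful.
            findings.append((req.session_id, "expired", req))
        elif (req.ip, req.user_agent) != (origin.ip, origin.user_agent):
            # Same cookie, different client: no password or MFA step occurred
            # here, the cookie alone was presented.
            findings.append((req.session_id, "context-change", req))
    return findings

# Constructed sample log (documentation IP ranges, hypothetical users).
T0 = datetime(2026, 1, 12, 9, 0)
SAMPLE = [
    Request(T0, "s-1001", "aoife", "203.0.113.10", "Edge/131 Windows"),
    Request(T0 + timedelta(minutes=5), "s-1001", "aoife", "203.0.113.10", "Edge/131 Windows"),
    Request(T0 + timedelta(minutes=40), "s-1001", "aoife", "198.51.100.77", "Chrome/130 Linux"),
    Request(T0 + timedelta(minutes=10), "s-2002", "liam", "203.0.113.11", "Firefox/133 macOS"),
    Request(T0 + timedelta(hours=9), "s-2002", "liam", "203.0.113.11", "Firefox/133 macOS"),
]

if __name__ == "__main__":
    for sid, reason, req in review_sessions(SAMPLE):
        print(f"{req.ts:%H:%M} {sid} {req.user} {reason} from {req.ip}")
```

A context change is a signal to require fresh sign-in rather than proof of theft, since laptops legitimately move between networks.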
Written by Shreesh, Shamrock Security
