Background img

Malware pathways:
An analysis of infostealer locations in infected file systems

Infostealers remain one of the most widespread and rapidly evolving categories of malware. For 2025, Kaspersky Digital Footprint Intelligence analyzed over 5 million log files containing information about paths to malicious files.

Get the report

  • ~ 22,5M
    the infection forecast for 2025

  • Installing software from untrusted sources -
    The key factor in infection

  • ~35%
    of stealers were hiding in \AppData\Local\Temp\ directory

Our analysis of published log files sheds light on the volume and nature of user device infections, as well as how these devices became infected in the first place. The report examines:

  • The most common directories where malware is located
  • Techniques for disguising malware as legitimate system and user files
  • Typical names of malicious executable files
  • Relationships between file names, distribution methods, and specific infostealer families
  • Real-world user-infection scenarios

The report’s takeaways and findings are relevant to all users of modern workstations, from individual readers to employees of large corporations, government agencies, small and medium-sized businesses.

This is the third part in our series on infostealer threats.
Follow the links to read the first and second parts.

Get the full report