Malware-as-a-Service (MaaS)
Also known as: MaaS, Stealer-as-a-service
Malware-as-a-service (MaaS) is a criminal business model in which malware authors rent or sell their software, infrastructure, and support to other criminals on a subscription basis. Most modern infostealers operate as MaaS, which is why credential theft has become industrialised.
What is malware-as-a-service?
MaaS mirrors legitimate software-as-a-service. Developers build and maintain malware, then lease it to "customers" (affiliates) through tiered subscriptions, complete with control panels, updates, and even customer support. This lowers the technical bar so that almost anyone can launch credential-theft campaigns.
Why MaaS drives the infostealer economy
Because the operator handles development and infrastructure, affiliates can focus purely on distribution and monetisation. The result is a large, decentralised network of campaigns sharing the same malware — producing the enormous volume of stealer logs seen in criminal marketplaces today.
Because MaaS scatters one malware family across many independent affiliates, VantaPrism monitors the distribution channels in aggregate, capturing logs regardless of which affiliate produced them.
Frequently Asked Questions
Why is malware-as-a-service dangerous?
Related Terms
Infostealer malware is a category of malicious software designed to silently harvest sensitive data — passwords, sess…
A stealer log is the package of data exfiltrated from a single device by infostealer malware. It typically contains s…
RedLine Stealer is an information-stealing malware (infostealer) sold as malware-as-a-service that harvests saved bro…
Lumma Stealer (LummaC2) is a malware-as-a-service infostealer that steals browser credentials, cookies, cryptocurrenc…
An initial access broker (IAB) is a cybercriminal who sells access to compromised networks and accounts to other atta…