The national cyber response agency has issued a warning to individuals, businesses and organisations about the increasing risk posed by information-stealing malware, known as “infostealers”.

The alert from CERT Tonga outlines how this type of malicious software can silently harvest sensitive data and lead to identity theft, financial loss or account takeovers.

Infostealers are designed to extract personal credentials, browser-stored data, email contents and other confidential information from infected devices without the user’s knowledge. Once gathered, this information may be sold on illicit markets or used by cybercriminals to impersonate victims or facilitate future attacks.

CERT Tonga emphasises that the stealthy nature of these programmes makes them difficult to detect after they have executed and often means they remove themselves to avoid discovery. Users are urged to remain vigilant and to implement defensive measures promptly.

The agency recommends practical controls such as using unique, complex passwords, enabling multi-factor authentication, and avoiding software downloads from unverified sources. Organisations should also deploy up-to-date antivirus solutions and watch for tell-tale signs of compromise such as unexpected account activity or unauthorised transactions.

“Infostealer malware continues to be one of the most common avenues of cyber-attack in the Pacific,” the advisory notes, underscoring regional relevance given similar alerts issued by other Pacific computer emergency response teams.

CERT Tonga encourages anyone who suspects their device has been impacted, or who requires assistance, to contact the authority directly for guidance on mitigation and recovery.