Infostealer malware leaks 2.3m bank cards, compromises 26 million devices: report
LAHORE: Nearly 2.3 million bank cards have been leaked on the dark web, with one in every 14 infostealer infections resulting in stolen credit card data. Over 26 million devices have been compromised by infostealers, including more than 9 million in 2024 alone, says Kaspersky.
According to estimates from Kaspersky Digital Footprint Intelligence, based on an analysis of data-stealing malware logs from 2023-24, infostealer malware is not only designed to extract financial information but also credentials, cookies and other valuable user data. This stolen information is compiled into log files and distributed within underground dark web communities.
An infostealer can infect a device when a victim unknowingly downloads and runs a malicious file disguised as legitimate software. It can spread through phishing links, compromised websites, malicious email attachments and other deceptive methods, targeting both personal and corporate devices.
In 2024, Redline remained the most widespread infostealer, accounting for 34 per cent of infections. However, the most significant surge was seen in RisePro, whose share of total infections jumped from 1.4 per cent in 2023 to nearly 23 per cent in 2024.
“RisePro is a growing threat. First discovered two years ago, it now appears to be gaining momentum. The stealer primarily targets banking card details, passwords, and cryptocurrency wallet data and may spread under the guise of key generators, software cracks, and game mods,” explained Sergey Shcherbel, an expert at Kaspersky Digital Footprint Intelligence. Another rapidly growing infostealer, Stealc, first appeared in 2023 and increased its share from 3.0 per cent to 13 per cent.
In response to the rising infostealer threat, Kaspersky has launched a dedicated webpage to raise awareness and provide risk mitigation strategies. If affected by a data leak, users are advised to monitor bank notifications, reissue their bank cards, change banking app or website passwords, enable two-factor authentication, and conduct full security scans to remove malware. Companies are also urged to proactively monitor dark web markets to detect compromised accounts.
“The actual number of infected devices is likely even higher,” noted Shcherbel. “Cybercriminals often leak stolen data months or even years after the initial infection, meaning compromised credentials continue to surface over time. We estimate that by the end of 2024, between 20 million and 25 million devices will be infected with infostealer malware, while for 2023, the number ranges between 18 million and 22 million.”
-
Trump Trolls European Leaders With AI Map Showing Greenland As U.S. Territory -
AI Vs Reality: How Deepfakes Are Warping Story Of Maduro’s US Capture -
Why Ryan Coogler Got Worried After Pitching 'Sinners' To Michael B Jordan -
Princess Diana's Brother Shares Emotional Post After Prince Harry Returns To UK Without Meghan, Archie, Lilibet -
'Disgraced' Andrew Gets Away With Major Double Standard Over Royal Lodge -
Carson Beck Girlfriend Rumours Explained Amid CFP Championship Run -
Sean Penn's 'very Human Reality' Leaves Madonna Horrified -
Fernando Mendoza Girlfriend: Is The Indiana QB Dating Anyone? -
King Charles' Decision 'not Good Look' For Prince Harry Amid UK Court Case -
South Korea Announces First Set Of New Space Technologies -
Jimmy Butler: Warriors Star Awaits MRI Results After Knee Injury -
Blake Lively Gushes Over Ryan Reynolds Amid Feud With BFF Taylor Swift -
Prince William 'furious' At Meghan Markle, Harry -
Church Under Investigation After Anti-ICE Protest Interrupts Worship -
UK Govt Tightens School Rules On Phones And Social Media -
Fernando Mendoza’s Mom Steals Hearts After Indiana Wins National Championship