Infostealer malware leaks 2.3m bank cards, compromises 26 million devices: report

LAHORE: Nearly 2.3 million bank cards have been leaked on the dark web, with one in every 14 infostealer infections resulting in stolen credit card data. Over 26 million devices have been compromised by infostealers, including more than 9 million in 2024 alone, says Kaspersky.

According to estimates from Kaspersky Digital Footprint Intelligence, based on an analysis of data-stealing malware logs from 2023-24, infostealer malware is not only designed to extract financial information but also credentials, cookies and other valuable user data. This stolen information is compiled into log files and distributed within underground dark web communities.

An infostealer can infect a device when a victim unknowingly downloads and runs a malicious file disguised as legitimate software. It can spread through phishing links, compromised websites, malicious email attachments and other deceptive methods, targeting both personal and corporate devices.

In 2024, Redline remained the most widespread infostealer, accounting for 34 per cent of infections. However, the most significant surge was seen in RisePro, whose share of total infections jumped from 1.4 per cent in 2023 to nearly 23 per cent in 2024.

“RisePro is a growing threat. First discovered two years ago, it now appears to be gaining momentum. The stealer primarily targets banking card details, passwords, and cryptocurrency wallet data and may spread under the guise of key generators, software cracks, and game mods,” explained Sergey Shcherbel, an expert at Kaspersky Digital Footprint Intelligence. Another rapidly growing infostealer, Stealc, first appeared in 2023 and increased its share from 3.0 per cent to 13 per cent.

In response to the rising infostealer threat, Kaspersky has launched a dedicated webpage to raise awareness and provide risk mitigation strategies. If affected by a data leak, users are advised to monitor bank notifications, reissue their bank cards, change banking app or website passwords, enable two-factor authentication, and conduct full security scans to remove malware. Companies are also urged to proactively monitor dark web markets to detect compromised accounts.

“The actual number of infected devices is likely even higher,” noted Shcherbel. “Cybercriminals often leak stolen data months or even years after the initial infection, meaning compromised credentials continue to surface over time. We estimate that by the end of 2024, between 20 million and 25 million devices will be infected with infostealer malware, while for 2023, the number ranges between 18 million and 22 million.”