Accordingly, on average, for every 14 devices infected with infostealer malware, one device will have its credit card information stolen. In total, nearly 26 million devices have been infected with this malware, of which the number has exceeded 9 million in 2024 alone. These figures were published by Kaspersky in a report on the threat from infostealer malware at the Mobile World Congress (MWC) 2025, held in Barcelona (Spain).
Kaspersky reports data-stealing malware leaks over 2 million bank cards
According to Kaspersky experts, about 2.3 million bank cards have been leaked on the dark web. This conclusion was made after analyzing log files from malware specializing in stealing data. It is known that this software was leaked on the dark web market in the period 2023-2024. Although the rate of leaked cards globally is less than 1%, 95% of the leaked cards are still valid and can be exploited for illegal purposes.
Infostealer malware not only collects financial information but also steals login credentials, cookies, and other important data. This data is then compiled into log files and sold on the dark web. This type of malware can infect a device when a user accidentally downloads and launches a malicious file, often disguised as legitimate software, such as a game cheat tool. Attackers can also spread the malware through phishing links, hacked websites, malicious attachments in emails or messaging apps. This data-stealing malware is not only a threat to individual users, but also a major threat to businesses when it can infiltrate employee devices.
26 million devices compromised in 2023 - 2024
On average, one in 14 devices infected with infostealer malware has had their credit card information stolen. Experts from Kaspersky Digital Footprint Intelligence found that nearly 26 million Windows devices were infected with various types of infostealer malware over the past two years.
Number of devices infected with data-stealing malware, 2020 - 2024
Photo: Kaspersky Digital Footprint Intelligence
“The actual number of infected devices could be much higher. Cybercriminals often release stolen data on the dark web as log files months or even years after the device is infected. This means that stolen information from previous years will continue to appear. According to our estimates, the total number of devices infected with infostealer malware in 2024 will range from 20 to 25 million, while the number in 2023 is estimated at 18 to 22 million,” said Sergey Shcherbel, an expert at Kaspersky Digital Footprint Intelligence.
If you discover that your personal data has been leaked due to infostealer malware, take the following steps immediately to minimize the risk:
- Enable two-factor authentication (2FA) and additional verification methods. Some banks also allow you to set spending limits for added protection. If your account or balance information has been compromised, be especially wary of fraudulent emails, texts, and calls. Attackers can use this information to launch targeted attacks against you. Also, in any situation that is unclear, contact your bank directly for verification.
- Immediately change passwords on affected accounts and closely monitor any suspicious activity related to those accounts.
- Scan the entire device with security software to detect and remove any remaining malware.
- Businesses are advised to proactively monitor dark web markets to promptly detect compromised accounts before they become a risk to customers or employees.
- Consider using Kaspersky Digital Footprint Intelligence to check what cybercriminals know about your system, identify vulnerabilities that can be exploited, and deploy timely protection measures.
Source: https://thanhnien.vn/canh-bao-ma-doc-danh-cap-du-lieu-lam-ro-ri-hon-2-trieu-the-ngan-hang-185250312143525256.htm
Comment (0)