26 Million Devices Hit By Infostealers—Bank Cards Leaked To Dark Web
A staggering 26 million devices were compromised by infostealer malware across 2023 and 2024, leading to the leak of more than 2 million unique bank card details, according to a newly published research from the Kaspersky Digital Footprint Intelligence unit.
Infostealers are malicious software designed to grab valuable information from infected devices, including passwords, credit card data, and cryptocurrency wallet information. The malware has been linked to some of the largest dark web marketplaces, where stolen data is sold for a hefty price.
The Extent Of Infostealer Malware
A recent study by Kaspersky revealed that nearly 1 in every 14 infostealer infections resulted in bank card details being leaked to the dark web. This alarming statistic highlights the significant threat posed by infostealer malware, which has been spreading rapidly across Windows devices between January 2023 and December 2024.
Rise Of Risepro Malware
The most widespread infostealer, Redline, accounted for around 34% of all infections in 2024. However, the biggest surge came from Risepro malware, which saw its share increase from just 1.4% in 2023 to a whopping 23% in 2024.
Risepro appears to be gaining momentum, and its primary target is banking card details, passwords, and cryptocurrency wallet data. The malware may spread under the guise of key generators or cracks for various software and game mods.
What To Do If Your Stolen Consumer Bank Card Data Is Leaked On The Dark Web
If your stolen consumer bank card data is leaked on the dark web, it's essential to act promptly. Kaspersky advises that you should monitor bank notifications, reissue the card, change your bank app or website password, and enable two-factor authentication as a matter of course.
Furthermore, be extra vigilant against phishing emails, fraudulent SMS, and calls, as criminal hackers and scammers may target you based on just this kind of information. Kaspersky's step-by-step response guide for corporate account compromise is also available to help organizations respond to such incidents effectively.
Kaspersky's Step-By-Step Response Guide For Corporate Account Compromise
The Kaspersky incident response guide is split into three distinct categories: Category 1, where a single compromised account is detected; Category 2, where multiple compromised accounts are identified; and Category 3, where sensitive data, such as financial information or personally identifiable information, is exposed.
Protecting Yourself From Infostealer Malware
While the threat of infostealer malware is significant, there are steps you can take to protect yourself. Enable two-factor authentication for all accounts, monitor bank notifications regularly, and keep your devices and software up-to-date with the latest security patches.
Moreover, be cautious when using public Wi-Fi networks or accessing sensitive information online, as these may pose a higher risk of infection from infostealer malware. By taking these precautions, you can significantly reduce the risk of falling victim to this malicious software.