Just when we thought we had heard it all, cybersecurity firm Kaspersky has said that more than 2.3 million bank cards were leaked on the dark web between 2023 and 2024. This disturbing statistic reflects the growing menace of “infostealer” malware, crafted to steal sensitive user data.
The leaked cards appear to be a mix of valid and deactivated ones (presumably 20% and 80%, though that split is an arbitrary guess), and over the years some of these cards were technically valid.
Their data showed that, on average, every 14th infostealer infection leads to stolen credit card information. The scale of this threat is huge: almost 26 million devices were targeted by infostealers in the past two years, with more than 9 million at risk in 2024 alone.
It’s not just financial data that infostealer malware goes after. These malware families are designed to steal a variety of valuable user data, such as credentials, cookies, and cryptocurrency wallet information.
That pilfered data is aggregated into “log files” and passed around the underground groups of the dark web, where it can be purchased by criminals for all sorts of nefarious uses.
Kaspersky researchers stressed that the total number of infected devices is probably much bigger, because cybercriminals generally dump the data they have stolen months or years after the infection, meaning more and more compromised data will continue to surface on the dark web.
According to the report, Redline was the most widely used infostealer in 2021, and accounted for 34% of all detected infections. But other variants, such as Risepro, which went from 1.4% of infections in 2023 to nearly 23% in 2024, have exploded.
Risepro appears to focus particularly on banking card information, passwords and cryptocurrency wallet data, ranging into the millions, and commonly propagates as a fake version of legitimate software (such as game cheats or cracks).
Kaspersky has called on the public and business owners to improve their cyber defenses in the face of this increasing threat. For individuals, recommended immediate actions include monitoring bank notifications of transactions, reissuing compromised cards, changing bank app and website passwords, and enabling two-factor authentication.
Another action to take now is monitoring dark web markets for compromised accounts: if an account is compromised and remains open, customers or employees are at risk.