It seems cyber threats continue to endanger financial security worldwide. A Kaspersky Digital Footprint Intelligence report has revealed that an estimated 2.3 million bank cards were leaked on the dark web between 2023 and 2024.
According to the report, on average, every 14th infostealer infection resulted in stolen credit card information, with around 26 million devices compromised, including over 9 million in 2024 alone. The Kaspersky report on the infostealer threat landscape comes at a time when the world is witnessing rapid technological advancements.
According to the cybersecurity provider, around 23,00,000 bank cards have been leaked on the dark web. The company said that this conclusion was based on an analysis of the log files from data-stealing malware between 2023 and 2024 that were leaked on the dark web market. “The actual number of infected devices is even higher. Cybercriminals often leak stolen data in the form of log files months or even years after the initial infection, and compromised credentials and other information continue to surface on the dark web over time. Therefore, the more time passes, the more infections from previous years we observe,” said Sergey Shcherbel, expert at Kaspersky Digital Footprint Intelligence.
Shcherbel added that Kaspersky forecast the total number of devices infected with infostealer malware in 2024 to be between 20 million and 25 million, while for 2023, the estimate ranges between 18 million and 22 million.
As the name suggests, infostealer malware is a type of malicious software designed to collect sensitive information from infected systems. It typically targets personal, business, and financial data, which could include passwords, credit card details, browsing history, and other valuable information. The main objective of infostealer malware is to transfer stolen data to cybercriminals, who later use it for financial gain. Often, this data is used for identity theft or other malicious activities.
When it comes to operations, infostealer malware usually enters systems through phishing emails, emails with malicious attachments, or even when a user simply visits a compromised website. Once it enters a system, it reportedly operates in the background, which makes it hard to detect. This type of malware also uses numerous methods to avoid detection and can even locate other vulnerable targets in a network. It also allows attackers to issue commands remotely. Reportedly, the most sophisticated infostealers are modular: they load targeted payloads after scanning for valuable data sources.
According to Kaspersky, infostealer malware extracts not only financial information but also credentials, cookies, and other valuable user data, which is compiled into log files and then distributed within the dark web community. In its latest report, Kaspersky said that an infostealer can infect a device if a victim unknowingly downloads and runs a malicious file.