As many as 2.3 million bank cards were leaked on the dark web during 2023, according to new analysis of data-stealing malware log files by cybersecurity provider Kaspersky.
Almost 26 million devices have been compromised by infostealers, including more than nine million in 2024 alone, according to a new Kaspersky report on the infostealer threat landscape.
As the technology world gathers at MWC 2025 in Barcelona, Kaspersky experts estimate that while globally the share of leaked cards is well below one per cent, 95 per cent of the observed leaked bank card numbers appear technically valid.
Infostealer malware is designed to extract financial information, as well as credentials, cookies and other valuable user data, which is compiled into log files and then distributed within the dark web underground community. An infostealer can infect a device if a victim unknowingly downloads and runs a malicious file, for example, one disguised as legitimate software, such as a game cheat. It can also be spread through phishing links, compromised websites, malicious attachments in emails or messengers and various other methods.
On average, every 14th infostealer infection results in stolen credit card information. Kaspersky Digital Footprint Intelligence experts found that nearly 26 million devices running Windows were infected with various types of infostealers in the past two years.
“The actual number of infected devices is even higher,” says Sergey Shcherbel, an expert at Kaspersky Digital Footprint Intelligence. “Cybercriminals often leak stolen data in the form of log files months or even years after the initial infection, and compromised credentials and other information continue to surface on the dark web over time. Therefore, the more time passes, the more infections from previous years we observe.
“We forecast the total number of devices infected with infostealer malware in 2024 to be between 20 million and 25 million, while for 2023, the estimate ranges between 18 million and 22 million.”
Combatting emerging threats
In 2024, Redline remained the most widespread infostealer, accounting for 34 per cent of the total number of infections. The malware, which can be found for sale on the dark web, harvests information from browsers, such as saved credentials, autocomplete data, and credit card information.
The most significant surge in 2024 was in infections caused by RisePro, whose share of total infections increased from 1.4 per cent in 2023 to almost 23 per cent in 2024.
“RisePro is a growing threat,” explains Shcherbel. “It was first discovered two years ago but seems to be gaining momentum. The stealer primarily targets banking card details, passwords and cryptocurrency wallet data, and may be spreading under the guise of key generators, cracks for various software and game mods.”
Another rapidly growing stealer, dubbed Stealc, first appeared in 2023 and increased its share from nearly three per cent to 13 per cent.
In light of the growing infostealer threat, the cybersecurity company aims to raise awareness of the issue and provide strategies for mitigating associated risks. Kaspersky says that if users encounter a data leak through infostealers, they should take the following steps:
- Act promptly if you suspect your bank card details have been leaked: monitor bank notifications, reissue the card and change your bank app or website password. Enable two-factor authentication and other verification methods. Some banks allow setting spending limits for added protection. If account and balance details are leaked, be extra vigilant against phishing emails, fraudulent SMS and calls. Cybercriminals might use this information to single you out for targeted attacks. Contact your bank directly in unclear situations.
- Change compromised account passwords and monitor for suspicious activity associated with those accounts.
- Run full security scans on all devices, removing any detected malware.