Infostealer Malware Leaves 3.9 Billion Passwords Exposed, Warn Experts

A recent report by threat intelligence firm KELA has revealed a staggering breach involving infostealer malware, with nearly 3.9 billion passwords exposed in credential lists harvested from compromised systems. The findings, detailed in the firm’s state of cybercrime report released on February 20, paint a worrying picture of an increasingly sophisticated cyber threat landscape.

According to the report, over 4.3 million computers were infected by infostealer malware throughout 2024, leading to the compromise of approximately 330 million credentials. The data, sourced from dark web monitoring and malware log analysis, indicates that just three strains of the malware—Lumma, StealC, and Redline—were responsible for 75% of all infections.

KELA’s analysis highlights that the appeal of these infostealers lies in their efficiency and scalability. Cybercriminals are able to use these tools to amass vast quantities of both personal and corporate credentials, which are then circulated on underground marketplaces. These marketplaces not only facilitate further attack campaigns but also enable the sale of stolen credentials, perpetuating a cycle of cybercrime that spans activities from ransomware attacks to corporate espionage.

The report also reveals that nearly 40% of infected machines held credentials for sensitive corporate systems, including content management platforms, email accounts, Active Directory Federation Services, and remote desktop applications. This segment of the malware’s victims comprises almost 1.7 million bots and has led to the compromise of 7.5 million corporate credentials. Additionally, around 65% of the dataset consisted of personal computers that had stored corporate credentials, further underscoring the widespread impact of the breach.

In response to the escalating threat, KELA has issued several recommendations for individuals and organizations. These include implementing multi-factor authentication (MFA) across all accounts, isolating critical systems to minimize lateral movement in the event of a breach, and deploying advanced email filtering solutions to thwart phishing attempts. The firm warns that with cybercriminals continuously refining their tactics, the threat posed by infostealer malware is likely to intensify throughout 2025.

Authorities and cybersecurity professionals are urging immediate action to bolster defenses and protect sensitive data as the infostealer menace shows no signs of slowing down.
