Infostealer Malware Surge: Bank Cards and Passwords at Risk

A new report by Kaspersky Digital Footprint Intelligence has revealed that infostealer malware has compromised nearly 26 million devices between early 2023 and the end of 2024. This alarming surge in cyberattacks has resulted in the leakage of over 2 million unique bank card details, with one in every 14 infections leading to stolen financial data.

Infostealer malware—a type of malicious software designed to extract sensitive information—is emerging as one of the biggest cybersecurity threats today. This malware is not only adept at harvesting bank card information but also capable of capturing passwords, second-factor authentication cookies, and other credentials, putting personal data and digital security at high risk.

Rising Threats and Evolving Malware

Kaspersky’s report highlights a worrying trend: while some malware strains remain dominant, others have rapidly gained traction. Redline continues to be the most widespread, accounting for 34.36% of all infections. However, newer strains like RisePro and Stealc have seen significant increases. RisePro, for instance, jumped from 1.4% of infections in 2023 to 22.45% in 2024, while Stealc’s share increased from 2.65% to 13.33%.

By August 2024, researchers estimated that infostealer malware had already infected around 15.9 million devices in 2023. As of March 2025, that figure climbed to 16.49 million, with new log files continuously emerging on dark web platforms—suggesting that the true scale of these attacks could be even higher than reported. The data indicates that 2024 may soon surpass 2023 in terms of infection numbers, underlining the rapid spread of these cyber threats.

The Booming Infostealer Economy

The underground economy surrounding infostealer malware is thriving, with these tools often sold as subscription-based services. Hackers can pay monthly fees to access these malware-as-a-service offerings, making it easier for even less technically skilled criminals to launch sophisticated data-stealing operations. This booming market underscores how lucrative and accessible cybercrime has become.

Protecting Your Digital Assets

In light of these growing threats, cybersecurity experts stress the importance of taking proactive measures to safeguard sensitive information. Here are six recommended strategies to protect bank cards and passwords:

1. Install Robust Antivirus Software: Regularly update antivirus programs on all devices to detect and remove malware. Frequent scans and timely updates can help block malicious links and prevent phishing attacks.
2. Use Virtual Cards for Online Payments: Instead of using your physical bank card online, opt for virtual cards which generate temporary card numbers to minimize risk.
3. Enable Transaction Alerts and Spending Limits: Set up real-time alerts and daily limits to quickly identify and respond to unauthorized transactions.
4. Avoid Storing Card Details in Browsers: Infostealers often target autofill data in web browsers. Use a secure password manager instead of saving payment information directly in your browser.
5. Adopt Strong, Regularly Updated Passwords: Utilize a password manager to create and store robust passwords. Complement this practice with additional authentication methods such as Face ID or Touch ID.
6. Invest in Personal Data Removal Services: Although no service can remove all online data, professional data removal tools can help reduce your digital footprint by monitoring and eliminating personal information from multiple sources.

A Call for Increased Vigilance

The rapid rise of infostealer malware is a stark reminder that even the most cautious users can fall victim to well-orchestrated cyberattacks. As the threat landscape continues to evolve, both individuals and organizations must adopt a proactive approach to digital security. Enhancing user awareness, maintaining robust security software, and implementing best practices for online transactions are critical steps to counter these emerging threats.

Photo Credit: DepositPhotos.com