
Date: March 7, 2025
Executive Summary
Infostealer malware compromised 26 million devices between 2023 and 2024, and over 2 million unique bank card details were leaked onto dark web marketplaces as a result. The infostealers, which acted as the primary attack vector, targeted a range of sensitive personal data, including passwords, authentication cookies, and bank card information. This report covers the specifics of the breach, the malware involved, the methods of exploitation, and recommendations for mitigation.
Technical Information
The Kaspersky Digital Footprint Intelligence report identified infostealers as the main culprits behind numerous data breaches. RedLine was the most prevalent, accounting for 34% of infections in 2024. Its ability to siphon data such as bank card details, passwords, and cryptocurrency wallet information makes it a formidable threat. Another infostealer, RisePro, surged from 1.4% in 2023 to 23% in 2024. It specifically targets online banking details and passwords, marking a concerning trend in malware evolution.
Dark web marketplaces are thriving with data leaks, selling access to compromised small businesses and healthcare data. Infostealer malware logs, laden with bank card information, are readily available for purchase, exacerbating the risk of financial and identity theft. These logs are primarily distributed through criminal forums, which facilitate the spread of stolen data, increasing the risk of further exploitation.
Infostealers predominantly propagate through key generators, software cracks, and game mods, making them attractive vectors for cybercriminals looking to infiltrate systems. This widespread distribution method has contributed to the scale of the breach, affecting a vast number of devices globally.
Mitigation and response strategies are imperative to combat such threats. Kaspersky recommends immediate action if bank card data is suspected to be leaked: monitoring bank notifications, reissuing compromised cards, and changing passwords. Two-factor authentication is also advocated as a further layer of protection against unauthorized access.
Corporate incident response should encompass verifying compromised accounts, enforcing password resets, conducting antivirus scans, and enabling multi-factor authentication. These measures can significantly reduce the risk of further data breaches and safeguard sensitive information from malicious entities.
Devices running Windows operating systems between 2023 and 2024 were primarily targeted, highlighting the need for updated cybersecurity protocols and vigilant monitoring. Organizations are urged to implement multi-factor authentication across all platforms to mitigate unauthorized access. Regularly monitoring dark web marketplaces for potential data breaches is also recommended, alongside educating employees and consumers about the risks of phishing and the importance of secure password practices.
References
For further reading and detailed insights, refer to the original Forbes article: 26 Million Devices Hit By Infostealers—Bank Cards Leaked To Dark Web. Additionally, the Kaspersky Digital Footprint Intelligence Report provides a comprehensive analysis of the malware involved and recommended mitigation strategies.