This figure is determined based on the analysis of log files from data theft malware in the period of 2023-2024.
On average, for every 14 devices infected with Infostealer malware, one device will have its credit card information stolen. In total, nearly 26 million devices have been infected with this malware, of which in 2024 alone, the number has exceeded 9 million devices.
According to estimates by cybersecurity experts from Kaspersky, about 2.3 million bank cards have been leaked on dark web (blackweb).
This conclusion was made after analyzing log files from malware that specializes in stealing data.
It is known that these software were leaked on the dark web market in the period of 2023-2024. Although the global leak rate is below 1%, 95% of leaked cards are still valid and can be taken advantage of for illegal purposes.
Infostealer malware not only collects financial information but also steals login accounts, cookies and other important data. This data is then compiled into logs and sold on the dark web.
This type of malware can crash into the device when users accidentally download and launch a malicious file, often disguised as legal software, as a game scams tool.
attackers can also spread malware through fraudulent links, attacked websites, and malicious attachments in their emails or messaging apps.
This data-stealing malware not only threatens individual users but is also a major threat to businesses when it is possible to invade employees' devices.
If you discover that your personal data has been leaked due to Infostealer malware, take the following steps to minimize the risk:
- Take quick action if you suspect that your bank card information has been leaked: Pay attention to the notification from the bank, request to reissue a new card and change the password to log in to the bank application or website.
Activate two-factor authentication (2FA) and additional authentication methods. Some banks also allow setting spending limits to enhance protection. If your account or balance information is leaked, be especially vigilant against fraudulent emails, messages and calls.
attackers can take advantage of this information to carry out attacks targeting you. In addition, in any unclear situations, contact the bank directly for verification.
- Immediately change the passwords of affected accounts and closely monitor any suspicious activities related to those accounts.
- Scanning your entire device using security software to detect and remove any remaining malware.
- Businesses are recommended to proactively monitor the dark web market to promptly detect affected accounts before they become a risk to customers or employees.
