
A recent investigation revealed that about 2.3 million bank card details have been leaked to the dark web over the past two years.

CAS Corporation announced on the 12th that its Digital Footprint Intelligence team has released the results of an analysis of data breach malware log files from 2023 to 2024.

The investigation found that approximately 2.3 million bank card details were leaked to the dark web during that period, with over 26 million devices infected with infostealers. On average, one in 14 infostealer infections led to the theft of credit card information. In particular, more than 9 million devices were reported to have been infected over the past year.

Infostealer malware is designed to extract user data, including financial information, credentials, and cookies, from an infected device. The collected information is organized into log files and later leaked in dark web communities. Infostealers typically infect a victim's device when the victim downloads and executes a malicious file; they may also be disguised as legitimate software to gain access.
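The analysis described in the article is a defender's exercise: take leaked log files and work out which cards and accounts are exposed so they can be reissued or have their passwords changed. The following is an added example (not code from CAS Corporation or the article) of that kind of triage. The log layout it parses (`URL:`/`USER:`/`PASS:` blocks, `CARD:` and `COOKIE:` lines) is a constructed, simplified format assumed for illustration, not any real infostealer's output. Card numbers are validated with the Luhn check so that incidental digit runs (timestamps, cookie expiry values) are not counted as cards, and only masked PANs are kept in the report.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample of a leaked stealer log (format assumed for this example).
# 4111 1111 1111 1111 is a standard Luhn-valid test number; the second card
# line is deliberately Luhn-invalid to show that it is rejected.
SAMPLE_LOG = """URL: https://bank.example/login
USER: alice@example.com
PASS: hunter2

URL: https://shop.example/account
USER: alice
PASS: p@ssw0rd

CARD: 4111 1111 1111 1111 EXP 12/26
CARD: 4111111111111112 EXP 01/27
COOKIE: .example.com\tTRUE\t/\tTRUE\t1999999999\tsessionid\tabc123
"""

# 13 to 19 digits, optionally separated by spaces or dashes, not embedded in a longer digit run.
CARD_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


@dataclass
class ExposureReport:
    credentials: list = field(default_factory=list)       # (url, username) pairs
    cards_masked: list = field(default_factory=list)      # Luhn-valid PANs, masked
    invalid_card_candidates: int = 0                      # digit runs that failed Luhn
    cookies: int = 0


def luhn_valid(pan: str) -> bool:
    """Standard Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits, the usual PCI-style display form."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def parse_stealer_log(text: str) -> ExposureReport:
    report = ExposureReport()
    current_url = current_user = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("URL:"):
            current_url = line[4:].strip()
        elif line.startswith("USER:"):
            current_user = line[5:].strip()
        elif line.startswith("PASS:"):
            # A full URL/USER/PASS block means a usable credential was captured.
            if current_url and current_user:
                report.credentials.append((current_url, current_user))
            current_url = current_user = None
        elif line.startswith("COOKIE:"):
            report.cookies += 1
        elif line.startswith("CARD:"):
            for match in CARD_CANDIDATE.finditer(line):
                pan = re.sub(r"[ -]", "", match.group(0))
                if luhn_valid(pan):
                    report.cards_masked.append(mask_pan(pan))
                else:
                    report.invalid_card_candidates += 1
    return report


def affected_hosts(report: ExposureReport) -> set:
    """Hosts whose passwords should be changed first (see the remediation advice below)."""
    return {urlparse(url).hostname for url, _ in report.credentials}


if __name__ == "__main__":
    r = parse_stealer_log(SAMPLE_LOG)
    print(f"credentials: {len(r.credentials)}, cards: {r.cards_masked}, "
          f"rejected card candidates: {r.invalid_card_candidates}, cookies: {r.cookies}")
    print("reset passwords on:", sorted(affected_hosts(r)))
```

Run on the embedded sample, the report lists two captured credentials, one Luhn-valid card (shown masked), one rejected digit run and one session cookie, and names the two hosts whose passwords need changing. A real leaked log would need a parser matched to the specific stealer family's layout, but the Luhn filter and the host-level summary carry over unchanged.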

Sergey Shchebel, a Digital Footprint Intelligence expert, noted, "The actual number of infected devices is higher," and stated, "Cybercriminals often leak stolen data in the form of log files months or even years after the theft." He emphasized that, "Leaked credentials and other information are being discovered over time on the dark web."

Prominent malware types that steal user information include Redline, RisePro, and Steelmates. Redline accounted for 34% of all infections last year, the largest share. RisePro saw its share of infections rise significantly from 1.4% in 2023 to 23% last year, the largest growth. Steelmates, which first appeared in 2023, increased its share from 3% to 13% during the same period.

CAS Corporation advised that immediate action is necessary when an infostealer infection leads to a data breach. It is crucial to check notifications from banks, reissue affected cards, and change passwords for banking apps or websites. Activating two-factor authentication (2FA) and other security verification methods, as well as promptly removing detected malware, are also essential.