26 Million Devices Hit By Infostealers—Bank Cards Leaked To Dark Web

Update, March 6, 2025: This story, originally published March 4, has been updated with advice from Kaspersky as to what you should do if your stolen bank card data is leaked on the dark web.

Criminal marketplaces on the dark web, only accessible by way of a special web browser and often by invite only depending on the forum concerned, are selling full access to small businesses for $600 and access to insanely valuable healthcare data for $1,000 a pop. But it’s the threat from infostealer malware that is of most concern right now, not just in terms of the gargantuan number of passwords that are available in logs for sale, but the sheer number of stolen credit cards as well.

One such forum was seen offering to give away a million credit cards for free just as a marketing exercise, for goodness sake. Now Kaspersky threat intelligence specialists have revealed the extent to which infostealer malware and bank card theft go hand in hand.

Nearly 26 million devices were compromised by infostealer malware across 2023 and 2024, leading to the leak of more than 2 million unique bank card details, according to newly published research from the Kaspersky Digital Footprint Intelligence unit. Indeed, the Kaspersky analysts said that every 14th such infection led to bank card details being stolen. Of course, infostealers are designed to grab much more than debit or credit card data, the malware will go after any information it can find that could be deemed valuable. So, we more often hear about how campaigns compromise passwords, second-factor authentication cookies and the like. But it’s hard to ignore the bank card numbers when you see them in black and white like this.

That 26 million devices number related to those running Windows between the start of 2023 and the end of 2024, the Kaspersky report said. “The actual number of infected devices is even higher,” said Sergey Shcherbel, an expert at Kaspersky Digital Footprint Intelligence. “Cybercriminals often leak stolen data in the form of log files months or even years after the initial infection, and compromised credentials and other information continue to surface on the dark web over time.”

The more time that passes, the more infections from previous years are observed. “We forecast the total number of devices infected with infostealer malware in 2024 to be between 20 million and 25 million,” Shcherbel explained, “while for 2023, the estimate ranges between 18 million and 22 million.”

Redline malware was the most widespread infostealer, accounting for some 34% of all infections across 2024, but the biggest surge came from Risepro which saw its share increase from just 1.4% in 2023 to 23% in 2024. First discovered two years ago, Risepro appears to be gaining momentum, and then some. “The stealer primarily targets banking card details, passwords and cryptocurrency wallet data,” Shcherbel said, “and may be spreading under the guise of key generators, cracks for various software and game mods.”

What To Do If Your Stolen Bank Card Data Is Leaked On The Dark Web

Although there are plenty of services, including many that are free to use, that will scan the dark web for your email and uncover if it has appeared in breach logs that are available on criminal marketplaces, these aren’t the same as checking for credit card details. There are some dark web monitoring services that include financial checks, but these are mostly subscription based. A

Actually discovering if your credit card details have been compromised and leaked to the dark web isn’t straightforward, but the presence of other information that would be compromised by infostealer malware is a good starting point for concern. Kaspersky advised that you should act promptly if you suspect your bank card details are leaked and monitor bank notifications, reissue the card and change your bank app or website password.

Consumers should also enable two-factor authentication as a matter of course, whether they think their accounts may have been compromised or not. “If account and balance details are leaked,” Kaspersky said, “be extra vigilant against phishing emails, fraudulent SMS and calls.” This is because criminal hackers and scammers might consider you a prime victim for targeted attacks based on just this kind of information.