2 million bank cards leaked by malware

06 March 2025

Kaspersky Digital Footprint Intelligence estimates that 2.3 million bank cards have been leaked to the dark web, based on infostealer log files from the period 2023-2024. On average, one in 14 infostealer infections led to credit card data theft, with nearly 26 million devices compromised, 9 million of them in 2024. Kaspersky has published its report on the infostealer threat landscape, just as the tech world is gathered at MWC 2025 in Barcelona.

Kaspersky experts estimate that around 2,300,000 bank cards have been leaked to the dark web. This conclusion is based on an analysis of infostealer log files from the period 2023-2024 that were leaked on dark web markets. Although globally the percentage of leaked cards is less than 1%, 95% of the observed cases appear technically valid.

Infostealers are not only designed to steal financial data, but also to steal login details, cookies and other valuable user information. This data is collected in log files and then disseminated to the "underground" community of the dark web. An infostealer can infect a device if the victim unknowingly downloads and opens a malicious file, which may be presented as legitimate software, such as a video game "cheat" code. The software can be spread through phishing links, compromised websites, malicious email attachments or messaging applications, and many other ways. It targets both personal and corporate devices.

The infostealer threat landscape: 26 million devices compromised in 2023-2024

On average, one in 14 infostealer infections led to credit card data theft. Kaspersky Digital Footprint Intelligence experts found that nearly 26 million Windows devices were infected by various types of infostealers in the last two years.

"The actual number of infected devices is even higher. Stolen data is often leaked by cybercriminals, in the form of log files, months or even years after the initial infection, while data and other stolen information continues to appear on the dark web for a long time. Therefore, over time, infections from past years increase. We predict that the total number of devices infected by infostealer software in 2024 will be between 20 and 25 million, while for 2023 the estimate is between 18 and 22 million," says Sergey Shcherbel, an expert at Kaspersky Digital Footprint Intelligence.

Beware of Redline, RisePro and Stealc malware

In 2024, Redline remained the most widespread infostealer, causing 34% of the total number of infections.

The largest increase in 2024 was recorded in infections caused by RisePro, whose share increased from 1.4% in 2023 to nearly 23% of all infections in 2024. "RisePro is a growing threat. It was first discovered two years ago but appears to be gaining momentum. This particular stealer mainly targets bank cards, passwords and cryptocurrency wallet details. It spreads disguised as a key generator, a crack for software or a mod for games," explains Sergey Shcherbel. Another fast-growing infostealer is Stealc, which appeared in 2023 and increased its share from about 3% to 13%.

You can learn more about the findings in the Kaspersky report. Given the growing threat of infostealers, Kaspersky has created a dedicated page to raise awareness and explain strategies that can be implemented to reduce the risks involved.

If you experience a data leak from infostealers, follow the steps below immediately:

  • Act immediately if you suspect a leak of your bank card details: Monitor your bank's alerts, request a replacement card, and change your banking app or website password.
  • Enable two-factor authentication and other verification methods. Some banks allow you to set spending limits for extra protection. If account and balance information has been leaked, be especially wary of phishing emails, fraudulent text messages and phone calls. Cybercriminals may target you with personalized attacks based on this information. When in doubt, contact your bank directly.
  • Immediately change the passwords of compromised accounts and continue to monitor them to detect any suspicious activity.
  • Perform a full security scan on all your devices and remove any malware detected.
  • Companies are advised to proactively monitor dark web purchases to identify compromised accounts early before they endanger customers or employees. A detailed guide to setting up monitoring is available here. Use Kaspersky Digital Footprint Intelligence to track what cybercriminals know about your company's assets, identify potential attack vectors and implement protective measures in a timely manner.