Millions of debit and credit card details have been exposed on the dark web due to a surge in devices infected with data-stealing malware, according to cybersecurity firm Kaspersky.
Between 2023 and 2024, at least 2.3 million bank cards were compromised by infostealer malware and shared on the dark web. During this period, the malware infected 26 million Windows devices, with bank card information stolen in approximately 1 in 14 infections.
Kaspersky expert Sergey Shcherbel noted that the true number of infected devices is likely higher. Cybercriminals often release stolen data, such as log files, months or years after the initial infection, meaning compromised information continues to appear over time.
The most common infostealer malware in 2024 was Redline, responsible for 34% of all infections. Another fast-growing malware, Risepro, which targets banking details and passwords, saw a significant increase in infections, rising from 1.4% in 2023 to nearly 23% in 2024. Risepro also targets cryptocurrency wallets and spreads through software cracks, game mods, and key generators.
Kaspersky urges individuals and organizations to stay vigilant by monitoring bank notifications, enabling two-factor authentication, and conducting full security scans on all devices to protect against these threats.