
Dark web data leak exposes millions of bank cards: Kaspersky analysis
On average, every 14th infostealer infection results in stolen credit card information, with nearly 26 million devices compromised by infostealers, including more than 9 million in 2024 alone. Kaspersky released its report on the infostealer threat landscape while the technology world gathers at MWC 2025 in Barcelona.
Kaspersky experts estimate that approximately 2,300,000 bank cards have been leaked on the dark web.
This conclusion is based on an analysis of the log files from data-stealing malware, dated 2023-2024, that were leaked on the dark web market. While globally the share of leaked cards is well below 1%, 95% of the observed numbers appear technically valid.
Infostealer malware is designed to extract not only financial information but also credentials, cookies and other valuable user data, which is compiled into log files and then distributed within the dark web underground community.
An infostealer can infect a device if a victim unknowingly downloads and runs a malicious file, for example one disguised as legitimate software, such as a game cheat. It can be spread through phishing links, compromised websites, malicious attachments in emails or messengers and various other methods. It targets both personal and corporate devices.
Data-stealer threat landscape: 26 million devices found to be compromised over 2023-2024
On average, every 14th infostealer infection results in stolen credit card information. Kaspersky Digital Footprint Intelligence experts found that nearly 26 million devices running Windows were infected with various types of infostealers in the past two years.
The number of infections with data-stealing malware, 2020-2024. Source: Kaspersky Digital Footprint Intelligence
'The actual number of infected devices is even higher. Cybercriminals often leak stolen data in the form of log files months or even years after the initial infection, and compromised credentials and other information continue to surface on the dark web over time. Therefore, the more time passes, the more infections from previous years we observe. We forecast the total number of devices infected with infostealer malware in 2024 to be between 20 million and 25 million, while for 2023, the estimate ranges between 18 million and 22 million,' says Sergey Shcherbel, an expert at Kaspersky Digital Footprint Intelligence.
Beware of Redline, Risepro and Stealc stealers
In 2024, Redline remained the most widespread infostealer, accounting for 34% of the total number of infections.
The most significant surge in 2024 was in infections caused by Risepro, whose share of total infections increased from 1.4% in 2023 to almost 23% in 2024.
'RisePro is a growing threat. It was first discovered two years ago, but seems to be gaining momentum. The stealer primarily targets banking card details, passwords and cryptocurrency wallet data, and may be spreading under the guise of key generators, cracks for various software and game mods,' explains Shcherbel.
Another rapidly growing stealer is Stealc, which first appeared in 2023 and increased its share from nearly 3% to 13%.
In light of this growing infostealer threat, Kaspersky has launched a dedicated landing page to raise awareness of the issue and provide strategies for mitigating associated risks. Learn more in the report.
Related Articles


Gulf Today
20 hours ago
- Gulf Today
What's obsolete and what's not these days
Working in an office 30 years ago was vastly different from what it's like now. In fact, working in one 30 years ago was hugely different from working in one in the 60s and 70s! In the 60s and 70s there were no computers and the one sound you could hear when walking into any office was the unison tapping of the typewriter keys by rows upon rows of female clerks. They had reams of paper, an in-tray, an out-tray and correction fluid to rectify mistakes during the typing process. This was also the case in the early 80s because computers had not been introduced into the workplace until the late 80s, that is, as far as I can recall. Computers first came with a floppy disk drive but then were replaced with a flash drive, or memory stick, and these are now replaced with the cloud. The cloud or Google drive is something I'm not too keen on. If you think about it, how safe is your information on these really? I assure you, it's not up in a cloud. I started working in 1989 and although I'd seen computers in the university's 'computer room' (yes, that's what it was called back then), the first time I actually saw one in use in an office was in 1989 and it didn't come with Windows or Word. And since the computer, we also seem to have done away with a Rolodex, the icon of the 80s, diaries and Filofaxes, also icons of the 80s, and physical calendars, for the most part. I can tell you that the most exciting part of ringing in the New Year was getting diaries at work. In one place I worked in the UK, two diaries were offered, a desk one plus a pocket one for managers to take to meetings. Syncing both was something I tried to do but it was always challenging. Now I challenge you to find a diary with ease. Anyone recording appointments now does it on Google Calendars on their device or computer both of which are automatically synced unless you tell it otherwise. 
The computer has become the most powerful tool since the internet because now we no longer need a fax machine, a piece of electric hardware that sat in everyone's office. Designed to send and receive documentation there and then but perish the thought that the recipient's machine had run out of paper or, worse, he forgot to plug it in! Other than the fax, we communicated by picking up the landline which, although is still around, it isn't really used to get in touch with people anymore. Now you either WhatsApp them, email them, ring their mobile from your mobile or you video conference with them no matter where in the world you both might be. But when the internet wasn't that widely used and few people had mobiles, doctors and employees who spent a lot of time out of the office were issued with pagers which are probably now sitting in the museum of electronic arts (I just made that up). Walk back in time and you will see filing cabinets up to the ceiling housing documents going back decades. Of course, now they've all been digitised. Some folk think that you'd be hard-pressed to find a stapler or a hole-puncher now but I don't think that's the case. I still think both of these items have their uses today. You can still buy printer paper and a printer because many entities still need them as part of their core process. Legal documents, for example, need to be printed and signed. Degrees need to be printed and signed before being awarded to students and let's not forget paper for artists to paint and draw on. Watercolour paper is either bound, stapled or glued down. Its cover is printed with a design. This also goes for watercolour paints. They come in both tubes and pans and each pan is individually wrapped in paper that's the colour of the paint and printed with its information which means a printer is also needed. So you see, although many things are now obsolete, there are some that are essential, like paper for example.


Zawya
a day ago
- Zawya
Kaspersky highlights biometric and signature risks with attempts increasing by 21.2% in the UAE
Kaspersky has detected and blocked over 142 million phishing link clicks globally in Q2 2025; the UAE saw a 21.2% increase from Q1 in phishing attempts. Currently, phishing is going through a shift driven by sophisticated AI-powered deception techniques and innovative evasion methods. Cybercriminals are exploiting deepfakes, voice cloning and trusted platforms like Telegram and Google Translate to steal sensitive data, including biometrics, electronic signatures and handwritten signatures, posing unprecedented risks to individuals and businesses.
AI-powered tactics transforming phishing attacks
AI has elevated phishing into a highly personalized threat. Large language models enable attackers to craft convincing emails, messages and websites that mimic legitimate sources, eliminating grammatical errors that once exposed scams. AI-driven bots on social media and messaging apps impersonate real users, engaging victims in prolonged conversations to build trust. These bots often fuel romantic or investment scams, luring victims into fake opportunities with AI-generated audio messages or deepfake videos.
An example of a phishing email created with DeepSeek (left) and an example of a phishing website created with AI (right)
Attackers also create realistic audio and video deepfake impersonations of trusted figures — colleagues, celebrities or even bank officials — to promote fake giveaways or extract sensitive information. For instance, automated calls mimicking bank security teams use AI-generated voices to trick users into sharing two-factor authentication (2FA) codes, enabling account access or fraudulent transactions. Additionally, AI-powered tools analyze public data from social media or corporate websites to launch targeted attacks, such as HR-themed emails or fake calls referencing personal details.
Employing new tactics to bypass detection
Phishers are deploying sophisticated methods to gain trust, exploiting legitimate services to prolong their campaigns. For instance, Telegram's Telegraph platform, a tool to publish long texts, is used to host phishing content. Google Translate's page translation feature generates links that look like and are used by attackers to bypass security solutions' filters.
A phishing page mimicking an Office document hosted on Telegraph (left) and an example of a phishing page hidden behind a URL provided by Google Translate (right)
Attackers now also integrate CAPTCHA, a common anti-bot mechanism, into phishing sites before directing users to the malicious page itself. By using CAPTCHA, these fraudulent pages deflect anti-phishing algorithms, as the presence of CAPTCHA is often associated with trusted platforms, lowering the likelihood of detection.
A switch in hunting: from logins and passwords to biometrics and signatures
The focus has shifted from passwords to immutable data. Attackers target biometric data through fraudulent sites that request smartphone camera access under pretexts like account verification, capturing facial or other biometric identifiers that cannot be changed. These are used for unauthorized access to sensitive accounts or sold on the dark web. Similarly, electronic and handwritten signatures, critical for legal and financial transactions, are stolen via phishing campaigns impersonating platforms like DocuSign or prompting users to upload signatures to fraudulent sites, posing significant reputational and financial risks to businesses.
'The convergence of AI and evasive tactics has turned phishing into a near-native mimic of legitimate communication, challenging even the most vigilant users. Attackers are no longer satisfied with stealing passwords — they're targeting biometric data, electronic and handwritten signatures, potentially creating devastating, long-term consequences. By exploiting trusted platforms like Telegram and Google Translate, and co-opting tools like CAPTCHA, attackers are outpacing traditional defenses. Users must stay increasingly skeptical and proactive to avoid falling victim,' said Olga Altukhova, security expert at Kaspersky.
Detailed information is available in a report on
Earlier in 2025 Kaspersky detected a sophisticated targeted phishing campaign which was dubbed Operation ForumTroll, as attackers sent personalized phishing emails inviting recipients to the 'Primakov Readings' forum. These lures targeted media outlets, educational institutions and government organizations in Russia. After clicking on the link in the email, no additional action was needed to compromise their systems: the exploit leveraged a previously unknown vulnerability in the latest version of Google Chrome. The malicious links were extremely short-lived to evade detection and in most cases ultimately redirected to the legitimate website for 'Primakov Readings' once the exploit was taken down.
To be protected from phishing, Kaspersky recommends:
Verify unsolicited messages, calls, or links, even if they appear legitimate.
Never share 2FA codes.
Scrutinize videos for unnatural movements or overly generous offers, which may indicate deepfakes.
Deny camera access requests from unverified sites and avoid uploading signatures to unknown platforms.
Limit sharing sensitive details online, such as document photos or sensitive work information.
Use Kaspersky Next (in corporate environments) or Kaspersky Premium (for individual use) to block phishing attempts.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company's comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and nearly 200,000 corporate clients protect what matters most to them. Learn more at

