'Cyber plague': Experts warn of growing infostealer threat after billions of login details exposed

Cybersecurity experts are raising concerns over a significant surge in cybercriminal activities aimed at stealing and selling online passwords. This warning comes in the wake of the alarming discovery of datasets containing billions of compromised account credentials. Recent reports indicate that 30 datasets have revealed a staggering 16 billion login credentials from various platforms, including major players like Apple, Google, and Facebook.

The findings, initially reported by Cybernews researchers last week, were uncovered by Volodymyr Diachenko, co-founder of the cybersecurity firm Security Discovery. He suspects that these leaks are the result of efforts by multiple cybercriminal groups. "These datasets have been on my radar since the start of this year, and they all exhibit a similar structure of URLs, usernames, and passwords," Diachenko shared with CNBC. He pointed out that the leaked information is likely the result of 'infostealers'—a type of malware designed to extract sensitive data from devices, including login credentials, credit card numbers, and browser information.

Despite the likelihood that many of the exposed logins are duplicates or outdated, the sheer volume of compromised data highlights the extent of sensitive information circulating online. Diachenko referred to infostealers as the "cyber plague" of our time, emphasizing that many users are currently experiencing data breaches without their knowledge. The exposed data was made detectable because its owners had inadvertently indexed it online without proper security measures. Security Discovery often identifies such data leaks, but the scale seen this year is unprecedented.

Simon Green, president of Asia-Pacific and Japan at Palo Alto Networks, described the scope of the 16 billion exposed credentials as alarming yet not shocking for cybersecurity professionals. He noted that modern infostealers employ advanced evasion techniques, making them difficult to detect and combat. This has led to a rise in high-profile infostealer attacks, including a malicious campaign disclosed by Microsoft Threat Intelligence that impacted nearly 1 million devices globally in March.

Infostealers typically infiltrate victims’ devices by luring them into downloading the malware, often hidden in phishing emails, fraudulent websites, or deceptive search engine ads. The primary motive behind these attacks is financial, with criminals seeking to hijack bank accounts, credit cards, or cryptocurrency wallets, or engage in identity theft. Stolen credentials can also be exploited for crafting personalized phishing attacks or extorting individuals and organizations.

Green highlighted that the threat landscape has become more severe, driven by the rise of underground markets that facilitate "cybercrime-as-a-service," where vendors offer malicious tools and sensitive data for sale. These underground platforms, often found on the dark web, create a continuous demand for personal information, turning data breaches into a complex web of compromised identities that fuel further cyberattacks. Diachenko believes that some of the compromised datasets he identified may be traded among online scammers. Additionally, malware kits and tools to execute infostealer attacks are readily available in these markets, significantly lowering the barriers for aspiring cybercriminals and enabling sophisticated attacks on a global scale.

Statistics show that infostealer attacks surged by 58% in 2024. As malware threats become more prevalent, experts like Ismael Valenzuela from Arctic Wolf suggest that it is increasingly likely for individuals to encounter infostealer threats at some point. To mitigate risks, Valenzuela advises frequent password changes, greater vigilance against malware in dubious software, and the necessity of multi-factor authentication. From a corporate perspective, he stresses the importance of implementing a "zero trust architecture" that continuously verifies user identities, devices, and behaviors.

In response to the growing menace of infostealing, governments have stepped up their efforts. In May, Europol's European Cybercrime Centre announced a collaborative initiative with Microsoft and global authorities to disrupt the notorious "Lumma" infostealer, deemed one of the most significant threats in the infostealer landscape.

Sources: CNBC

Published On: Jun 26, 2025, 03:15
