A new report from cyber firm KELA exposes a massive surge in infostealer malware, which has compromised 3.9 billion credentials from millions of infected devices. Researchers warn that stolen login data is fueling cybercrime, putting both individuals and businesses at risk.
Cybercriminals actively trade these stolen credentials on dark web forums, giving threat actors easy access to personal accounts, corporate systems, and financial platforms. KELA’s findings indicate that a staggering 330 million credentials have been stolen as infostealer infections hit 4.3 million devices in 2024.
As stolen login data circulates among hackers, the risk of account takeovers, identity theft, and large-scale security breaches continues to grow.
What is infostealer malware?
Infostealer malware is a silent but devastating cyber threat that infiltrates devices and extracts sensitive data, often without victims realizing it.
These programs target login credentials, financial information, browser cookies, and autofill data across devices. Unlike traditional cyberattacks that rely on brute force or phishing, infostealers quietly harvest and export data in bulk. This allows cybercriminals to evade security measures and gain direct access to accounts.
According to KELA’s report, the top three infostealer strains — Lumma, StealC, and RedLine — were responsible for over 75% of infected machines. These malware variants spread through malicious downloads and phishing links, covertly embedding themselves in devices.
Businesses at risk as employee credentials go up for sale
Cybercriminals are monetizing stolen credentials at an unprecedented scale, putting firms in the crosshairs.
Once installed, infostealer malware steals vast amounts of sensitive data, which is then sold or exploited on underground markets. KELA’s report tracked 5,230 victims whose compromised corporate logins have been leaked, fueling a growing economy of breached accounts.
These stolen credentials are increasingly used in extortion campaigns, where attackers demand payment to prevent data leaks or disrupt business operations. Cybercriminals use employee logins to penetrate networks, steal proprietary information, and even launch ransomware attacks.
3 ways to protect your company from infostealer attacks
Businesses are already paying the price for leaked credentials, whether through financial fraud, data breaches, or unauthorized access to critical systems. Cybercriminals are turning stolen logins into a commodity, giving attackers direct access to enterprise systems and sensitive data.
The longer companies go without addressing infostealer risks, the greater the chance of a costly security breach.
You must take immediate action to protect your business:
- Deploy endpoint detection and response (EDR) tools to identify and block infostealer infections.
- Follow multi-factor authentication (MFA) best practices to prevent unauthorized access.
- Use threat intelligence solutions to detect stolen credentials.
Relying on passwords alone is no longer enough — real-time monitoring and proactive defense are imperative. The cost of inaction is far greater than the investment in cybersecurity.