Malware exposes 3.9 billion passwords in huge cybersecurity threat


Cybercrime actors are coming for your passwords

by Kurt Knutsson

We saw a rise in infostealer malware in 2024, with hackers using it to steal credentials, cryptocurrency, and other personal data from millions of users. If you recall, I reported countless incidents of an infostealer called Lumma preying on Android, Windows, and even iOS and Mac users.

A new cybersecurity report now highlights that hackers using Lumma, along with StealC, Redline, and other infostealers, infected 4.3 million machines in 2024, leading to an astonishing 330 million compromised credentials. Security researchers have also observed 3.9 billion credentials shared in credential lists that appear to be sourced from infostealer logs.


Infostealer-related attacks were on the rise in 2024

A cybersecurity report by threat intelligence platform KELA has uncovered a sharp rise in infostealer malware in 2024. Researchers also observed an alarming trend in how stolen data was circulated. Large compilations of credentials, often referred to as “credential lists,” were being shared across cybercrime forums. These lists, primarily sourced from infostealer logs, contained billions of login details harvested from infected devices.

One of the most notable incidents linked to infostealer malware was the breach of Snowflake, a cloud data storage provider. In April 2024, threat actors gained access to customer accounts using stolen login credentials, many of which were obtained through infostealers. Exploiting weak security practices, such as the absence of multi-factor authentication, attackers extracted valuable data and later attempted to sell it on underground markets. The breach affected at least 165 companies.

The KELA report highlights that hackers deploying Lumma, StealC, Redline, and other infostealers infected 4.3 million machines, leading to the compromise of 330 million credentials. Nearly 40 percent of these infected machines contained credentials for corporate systems, including content management platforms, email accounts, Active Directory Federation Services, and remote desktop environments. In total, this accounted for 1.7 million compromised bots and 7.5 million stolen credentials.

The report also found that 3.9 billion credentials were shared in credential lists that appear to be sourced from infostealer logs. KELA’s analysis suggests that almost 65 percent of infected devices were personal computers storing corporate credentials, making them a prime target for infostealer malware.


2025 is not going to be any different

Infostealer malware is not going anywhere in 2025. With malware-as-a-service platforms on the rise and infostealers becoming more advanced, cybercriminals will likely keep using them as a go-to method for stealing credentials and gaining access to systems.

Law enforcement has been cracking down, though. In 2024, authorities managed to take down key parts of the infostealer ecosystem, including disrupting Redline, one of the most widely used infostealers. This showed that international agencies can go after not just the malware developers but also the networks and underground markets that keep these operations running.

But takedowns like these rarely put an end to the problem. When one major infostealer operation is shut down, others quickly step in to take its place. The constant demand for stolen credentials and the ability of cybercriminals to adapt means infostealer attacks will likely remain a major threat in 2025.


Four ways to stay safe from infostealer malware

With infostealer malware becoming a growing threat, protecting your data requires a mix of smart security habits and reliable tools. Here are four effective ways to keep your information safe.

1) Enable two-factor authentication (2FA): Even if your credentials are stolen, 2FA adds an extra layer of security by requiring a second form of verification, such as a code from an authentication app or biometric confirmation. Cybercriminals rely on stolen usernames and passwords to break into accounts, but with 2FA enabled, they cannot gain access without the additional security step. Make sure to enable 2FA on important accounts like email, banking, and work-related logins.

 

2) Use strong antivirus software and be cautious with downloads and links: Infostealer malware often spreads through malicious downloads, phishing emails, and fake websites. Avoid downloading software or files from untrusted sources, and always double-check links before clicking them. Attackers disguise malware as legitimate software, game cheats, or cracked applications, so it is best to stick to official websites and app stores for downloads.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.


3) Use a password manager: Many infostealers target saved passwords in web browsers. Instead of relying on your browser to store credentials, use a dedicated password manager. 

One of the best password managers out there is NordPass. It is secure, user-friendly and uses zero-knowledge and military-grade XChaCha20 encryption to protect your data. It supports Windows, macOS, Linux, Android, iOS, and major browsers while offering unlimited password storage, secure sharing, password health reports, data breach monitoring, auto-fill, and emergency access. 


4) Keep software updated: Cybercriminals exploit outdated software to deliver malware. Keeping your operating system, browsers, and security software up to date ensures that known vulnerabilities are patched. Enable automatic updates whenever possible, and install reputable antivirus or endpoint protection software that can detect and block infostealer threats before they compromise your system.

 


Kurt’s key takeaway

Given the surge in infostealer malware warnings, it is clear that cybercriminals are actively targeting passwords. Both organizations and individuals are urged to strengthen their security measures by enabling two-factor authentication (2FA), monitoring credential exposure, and using endpoint protection tools. While no security measure is completely foolproof, combining these practices can significantly reduce the risk of falling victim to infostealer malware.

Do you feel that companies are doing enough to protect your data from infostealer malware and other cyber threats? Let us know in the comments below.


Copyright 2025 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.


   
