InfoStealer Malware Leaks 2 Million Bank Card Details, Targets Crypto Users
InfoStealer malware, a category of malware designed to extract sensitive data from infected devices without the victim’s knowledge, is on the rise. This malware targets people and organizations across digital finance and beyond, extracting passwords, session cookies, crypto wallet details, and other valuable personal information. According to Kaspersky, these malware campaigns leaked over 2 million bank card details last year, and that number is only growing.
These tools are widely available via the malware-as-a-service model, where cybercriminals can access advanced malware platforms that offer dashboards, technical support, and automatic data exfiltration to command-and-control servers for a subscription fee. Once stolen, data is sold on dark web forums, Telegram channels, or private marketplaces. The damage from an InfoStealer infection can go far beyond a single compromised account, leading to identity theft, financial fraud, and unauthorized access to other services, especially when credentials are reused across platforms.
Recent reports indicate that dark web actors claim to have over 100,000 pieces of user information from platforms like Gemini and Binance. Binance’s internal data echoes this trend, with a significant uptick in the number of users whose credentials or session data appear to have been compromised by InfoStealer infections. These infections do not originate from Binance but affect personal devices where credentials are saved in browsers or auto-filled into websites.
InfoStealer malware is often distributed via phishing campaigns, malicious ads, trojan software, or fake browser extensions. Once on a device, it scans for stored credentials and transmits them to the attacker. Common distribution vectors include phishing emails with malicious attachments or links, fake downloads or software from unofficial app stores, game mods and cracked applications shared via Discord or Telegram, malicious browser extensions or add-ons, and compromised websites that silently install malware (drive-by downloads). Once active, InfoStealers can extract browser-stored passwords, autofill entries, clipboard data (including crypto wallet addresses), and even session tokens that allow attackers to impersonate users without knowing their login credentials.
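Because a stolen session token works without the password, one server-side check is to compare each request against the client context first seen for that session. The sketch below is an added example, not code from Binance or any vendor named in this article; the log format, field names, /24 bucketing (IPv4 only), and the `revoke`/`step_up` actions are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample access log (not real data): time, session id, client IP, user agent.
SAMPLE_LOG = """ts,session_id,ip,user_agent
2024-05-01T10:00:00,s-101,198.51.100.7,Mozilla/5.0 (Windows NT 10.0) Chrome/124
2024-05-01T10:05:00,s-101,198.51.100.7,Mozilla/5.0 (Windows NT 10.0) Chrome/124
2024-05-01T10:06:00,s-202,203.0.113.20,Mozilla/5.0 (Macintosh) Safari/17
2024-05-01T10:09:00,s-101,192.0.2.55,Mozilla/5.0 (X11; Linux) Chrome/120
2024-05-01T10:12:00,s-202,203.0.113.99,Mozilla/5.0 (Macintosh) Safari/17
2024-05-01T10:20:00,s-202,198.51.100.200,Mozilla/5.0 (Macintosh) Safari/17
"""


def network_of(ip, prefix=24):
    """Coarse network bucket so address changes inside one subnet are ignored."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def detect_session_replay(log_text):
    """Return (ts, session_id, action) for requests that leave the session's baseline.

    The first request seen for a session sets its baseline (network, user agent).
    Network and user agent both changed -> "revoke" (token likely replayed elsewhere).
    Only one changed -> "step_up" (roaming or a browser update; ask for re-authentication).
    """
    baseline = {}
    alerts = []
    for row in csv.DictReader(io.StringIO(log_text)):
        ctx = (network_of(row["ip"]), row["user_agent"])
        first = baseline.setdefault(row["session_id"], ctx)
        net_changed = ctx[0] != first[0]
        ua_changed = ctx[1] != first[1]
        if net_changed and ua_changed:
            action = "revoke"
        elif net_changed or ua_changed:
            action = "step_up"
        else:
            continue
        alerts.append((row["ts"], row["session_id"], action))
    return alerts


if __name__ == "__main__":
    for alert in detect_session_replay(SAMPLE_LOG):
        print(alert)
```

A stealer operator who replays the cookie through the victim's own network and a matching user agent would not trip this check, so it complements rather than replaces short session lifetimes and re-authentication for sensitive actions such as withdrawals.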
Some signs that might suggest an InfoStealer infection on your device include unusual notifications or extensions appearing in your browser, unauthorized login alerts or unusual account activity, unexpected changes to security settings or passwords, and sudden slowdowns in system performance. Over the past 90 days, several prominent InfoStealer malware variants have been observed targeting Windows and macOS users. For Windows users, RedLine, LummaC2, Vidar, and AsyncRAT have been particularly prevalent. RedLine Stealer is known for gathering login credentials and crypto-related information from browsers. LummaC2 is a rapidly evolving threat with integrated techniques to bypass modern browser protections such as app-bound encryption. It can now steal cookies and crypto wallet details in real time. Vidar Stealer focuses on exfiltrating data from browsers and local applications, with a notable ability to capture crypto wallet credentials. AsyncRAT enables attackers to monitor victims remotely by logging keystrokes, capturing screenshots, and deploying additional payloads. Recently, cybercriminals have repurposed AsyncRAT for crypto-related attacks, harvesting credentials and system data from compromised Windows machines.
For macOS users, Atomic Stealer has emerged as a significant threat. This stealer can extract credentials, browser data, and cryptocurrency wallet information from infected devices. Distributed via stealer-as-a-service channels, Atomic Stealer exploits native AppleScript for data collection, posing a substantial risk to individual users and organizations using macOS. Other notable variants targeting macOS include Poseidon and Banshee. In response to these threats, Binance monitors dark web marketplaces and forums for leaked user data, alerts affected users, initiates password resets, revokes compromised sessions, and offers clear guidance on device security and malware removal. The infrastructure remains secure, but credential theft from infected personal devices is an external risk that everyone faces. This makes user education and cyber hygiene more critical than ever.
Users and the crypto community are urged to stay vigilant against these threats by using antivirus and anti-malware tools and running regular scans. Some reputable free tools include Malwarebytes, Bitdefender, Kaspersky, McAfee, Norton, Avast, and Windows Defender. For macOS users, consider using the Objective-See suite of anti-malware tools. Lite scans typically don’t work well since most malware self-deletes the first-stage files from the initial infection. Always run a full disk scan to ensure thorough protection.
Practical steps to reduce exposure to this and many other cybersecurity threats include enabling two-factor authentication (2FA) using an authenticator app or hardware key, avoiding saving passwords in your browser, considering a dedicated password manager, downloading software and apps only from official sources, keeping your operating system, browser, and all applications up to date, periodically reviewing authorized devices in your account and removing unfamiliar entries, using withdrawal address whitelisting to limit where funds can be sent, avoiding public or unsecured WiFi networks when accessing sensitive accounts, using unique credentials for each account and updating them regularly, following security updates and best practices from trusted sources, and immediately changing passwords, locking accounts, and reporting through official support channels if a malware infection is suspected.
The growing prominence of the InfoStealer threat is a reminder of how advanced and widespread cyberattacks have become. While Binance continues to invest heavily in platform security and dark web monitoring, protecting your funds and personal data requires action on both sides. Stay informed, adopt security habits, and maintain clean devices to significantly reduce your exposure to threats like InfoStealer malware.
