We’ve seen an increase in InfoStealer malware in 2024, and hackers use it to steal credentials, cryptocurrencies and other personal data from millions of users. If you remember, I’ve reported countless An event called Lumma Prey on Android, Windows and even iOS and Mac users.
Now, a new cybersecurity report highlights that hackers’ use of Lumma, along with Stealc, Redline and other InfoStealers, infected 4.3 million machines in 2024, resulting in an astonishing 330 million stake certificates.
Security researchers 3.9 billion credentials were also observed shared in the credential list that appeared to be purchased from the InfoStealer log.
Illustration of a hacker at work (Kurt “Cyberguy” Knutsson)
InfoStealer-related attacks rise in 2024
one Cybersecurity Report Threat intelligence platform Kela discovered a sharp rise in InfoStealer malware in 2024. The researchers also observed a shocking trend in how data can be circulated. Share a large collection of certificates on cybercrime forums, often called “credential lists.” These lists are mainly derived from InfoStealer logs, which contain billions of login details harvested from infected devices.
One of the most famous incidents related to the InfoStealer malware is a violation of cloud data storage provider Snowflake. In April 2024, threat participants gained access to customer accounts using stolen login credentials, many of which were obtained through InfoStealers. The attacker used weak security practices such as the lack of multifactor authentication to extract valuable data and later tried to sell it on the underground market. The violations affected at least 165 companies.
What is artificial intelligence (AI)?
The Kayla report highlights Hackers deploying LummaStealc, Redline and other Infostealers infected 4.3 million machines, resulting in a compromise of 330 million certificates. Nearly 40% of these infected machines contain credentials for corporate systems, including content management platforms, email accounts, Active Directory Federation Services, and remote desktop environments. Total 1.7 million damaged robots and 7.5 million stolen certificates.
The report also found that it appears that 3.9 billion credentials were shared in the credential list from the InfoStealer log. Kela’s analysis shows that nearly 65% of infected devices are personal computers that store company certificates, making it a major target for InfoStealer malware.
Illustration of a hacker at work (Kurt “Cyberguy” Knutsson)
How to delete private data from the internet
2025 won’t be any different
Nothing will happen to the InfoStealer malware in 2025. As malware’s service platforms are about to rise and InfoStealers are becoming more advanced, cybercriminals may continue to use them as their preferred method of stealing credentials and gaining access to the system.
law enforcement However, it has been suppressing. In 2024, authorities managed to remove key parts of the InfoStealer ecosystem, including destroying the red line, one of the most widely used weak pebbles. This shows that international organizations can follow not only malware developers, but also the network and underground markets that make these operations run.
But evacuations like this rarely solve the problem. When a major InfoStealer operation is closed, other actions will quickly take their place. The ongoing demand for stolen certificates and the ability of cybercriminals to adapt means that in 2025 it may remain a major threat.
Click here to visit Fox Business
Illustration of a hacker at work (Kurt “Cyberguy” Knutsson)
Best Antivirus Software for Mac, PC, iPhone and Android – Web Choice
How to keep protective agent malware
As InfoStealer malware becomes a growing threat, protecting your data requires intelligent security habits and reliable tools. These are some effective ways to ensure information security.
1. Enable Two-Factor Authentication (2FA): Even if your credentials are stolen, 2FA Additional security layers are added by requiring a second form of verification, such as code for authentication applications or biometric confirmation. Cyber criminals rely on stolen usernames and passwords to break down their accounts, but with 2FA enabled, they are inaccessible without additional security steps. Make sure to enable 2FA on important accounts such as email, banking, and work-related logins.
2. Use powerful antivirus software and be cautious on downloads and links: InfoStealer malware is often spread through malicious downloads, phishing emails, and fake websites. Avoid downloading software or files from untrusted sources before clicking them. Attackers mask malware as apps that are legal software, games cheated or cracked, so it is best to stick to official websites and app stores for download.
The best way to protect yourself from installing malware (malicious links that may access private information) is to install powerful antivirus software on all devices. This protection can also remind you about phishing email and ransomware scams, ensuring your personal information and digital assets are secure. The choice of the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
3. Using Password Manager: Many InfoStealers aim to save passwords in a web browser. Instead of relying on your browser to store credentials, use a dedicated password manager. Get more details about me Best Expert Review Password Manager in 2025.
4. Keep the software updated: Cyber criminals use outdated software to provide malware. Keep the operating system, browser and security software up to date Make sure to fix known vulnerabilities. Enable automatic updates whenever possible and install reputable antivirus or endpoint protection software that detects and prevents InfoStealer threats before damaging your system.
How to fight back with debit card hackers who follow your money
Kurt’s key points
Given the surge in InfoStealer malware warnings, it is clear that cybercriminals are actively targeting passwords. Organizations and individuals are urged to strengthen their security measures by enabling 2FA, monitoring credential exposure and using endpoint protection tools. Although no security measures are completely foolproof, combining these practices can significantly reduce the risk of enterprise malware victims.
Click here to get the Fox News app
Do you feel that companies are doing enough to protect data from InfoStealer malware and other cyber threats? Let’s write to us cyberguy.com/contact.
For more technical tips and security alerts for me, please subscribe to my free online reporting newsletter cyberguy.com/newsletter.
Ask Kurt a question, or let us know what stories you want us to cover.
Follow Kurt on his social channels:
Answer the most questioned online gu questions:
New things from Kurt:
Copyright 2025 CyberGuy.com. all rights reserved.
