Malware exposes 3.9 billion passwords in huge cybersecurity threat

A new cybersecurity report now highlights that hackers using Lumma, along with StealC, Redline and other infostealers, infected 4.3 million machines in 2024, leading to an astonishing 330 million compromised credentials. 

One of the most notable incidents linked to infostealer malware was the breach of Snowflake, a cloud data storage provider. In April 2024, threat actors gained access to customer accounts using stolen login credentials, many of which were obtained through infostealers. Exploiting weak security practices, such as the absence of multifactor authentication, attackers extracted valuable data and later attempted to sell it on underground markets. The breach affected at least 165 companies.

The report also found that 3.9 billion credentials were shared in credential lists that appear to be sourced from infostealer logs. KELA's analysis suggests that almost 65% of infected devices were personal computers storing corporate credentials, making them a prime target for infostealer malware.

Infostealer malware is not going anywhere in 2025. With malware-as-a-service platforms on the rise and infostealers becoming more advanced, cybercriminals will likely keep using them as a go-to method for stealing credentials and gaining access to systems.

But takedowns like these rarely put an end to the problem. When one major infostealer operation is shut down, others quickly step in to take its place. The constant demand for stolen credentials and the ability of cybercriminals to adapt means infostealer attacks will likely remain a major threat in 2025.

With infostealer malware becoming a growing threat, protecting your data requires a mix of smart security habits and reliable tools. Here are some effective ways to keep your information safe.

2. Use strong antivirus software and be cautious with downloads and links: Infostealer malware often spreads through malicious downloads, phishing emails and fake websites. Avoid downloading software or files from untrusted sources and always double-check links before clicking them. Attackers disguise malware as legitimate software, game cheats or cracked applications, so it is best to stick to official websites and app stores for downloads.

Given the surge in infostealer malware warnings, it is clear that cybercriminals are actively targeting passwords. Both organizations and individuals are urged to strengthen their security measures by enabling 2FA, monitoring credential exposure and using endpoint protection tools. While no security measure is completely foolproof, combining these practices can significantly reduce the risk of falling victim to infostealer malware.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.