Number of devices hit by data-stealing malware up 600% in 3 years: Report

The number of devices compromised with data-stealing malware has increased more than 600 per cent in the past three years, according to cybersecurity firm Kaspersky.

Kaspersky's Digital Footprint Intelligence data showed the number of personal and corporate devices compromised with data-stealing malware reached 10 million in 2023, registering a 643 per cent increase over the past three years.

"According to Kaspersky's assessment, the number of infections that occurred in 2023 is projected to reach roughly 16,000,000," it said, noting an increase in the threat posed by data-stealers for both consumers and businesses.

Cyber criminals steal an average of 50.9 log-in credentials per infected device, it said, adding that these credentials may encompass log-ins for social media, online banking services, crypto wallets, and various online services including email.

The data, which drew insights from infostealer malware log files traded on underground markets, showed the actual number of infections is likely to be even higher than 10 million.

"The dark-web value of log files with login credentials varies depending on the data's appeal and the way it's sold there. Credentials may be sold through a subscription service with regular uploads, a so called 'aggregator' for specific requests, or via a 'shop' selling recently acquired login credentials exclusively to selected buyers. Prices typically begin at USD 10 per log file in these shops," said Sergey Shcherbel, a cybersecurity expert at Kaspersky Digital Footprint Intelligence.

According to Kaspersky's data, 443,000 websites worldwide have experienced compromised credentials in the past five years.

The .com (dot com) domain led the list of compromised accounts, followed by Brazil (.br), India (.in), Colombia (.co), and Vietnam (.vn).

"In the .in domain, associated with India, compromised accounts reached over 8 million in 2023," it said.