Infostealer Malware Surged in 2024, Compromising Millions of Credentials
Cybercriminals ramped up their use of infostealer malware in 2024, infecting 4.3 million devices and stealing 330 million credentials, according to a report by KELA. Popular infostealers like Lumma, StealC, and Redline were responsible for much of the damage, with stolen login details circulating widely on cybercrime forums.
One of the most high-profile breaches linked to infostealer malware was the April 2024 attack on Snowflake, a cloud data provider. Hackers gained access to customer accounts using stolen credentials, exploiting weak security practices like the lack of multi-factor authentication. At least 165 companies were affected.
The report also found that 3.9 billion credentials were shared in credential lists sourced from infostealer logs. Nearly 40 percent of infected machines contained corporate credentials, making them prime targets for cybercriminals.
“The surge in infostealers and ransomware, along with the increasing use of AI-driven threats, highlights the urgent need for organizations to rethink their security postures and adopt a more proactive intelligence-led approach,” David Carmiel, CEO of KELA, said in a statement.
Despite law enforcement efforts to disrupt major infostealer operations, cybercriminals quickly adapt, ensuring these attacks will remain a serious threat in 2025. With malware-as-a-service platforms making these tools more accessible, experts warn that password theft and credential breaches will continue to rise.
To stay safe, experts recommend enabling multi-factor authentication (MFA) on all important accounts, using strong antivirus software, and avoiding suspicious downloads and links. Password managers can help protect credentials, and regularly updating software ensures known security vulnerabilities are patched.