Research reveals: Over half a million payment cards stolen by malware
July 9, 2024
Over 600,000 payment cards compromised as malware as a service continues to thrive.
As malware becomes an increasingly common tool for payment card theft, recent research conducted by cybersecurity company NordVPN has revealed alarming information. Over 600,000 payment cards were compromised worldwide, with their details later sold on the dark web.
Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, explains, “The malware didn’t just steal the victims’ payment card details. Most of the stolen payment cards’ info came with a big bonus for cybercriminals — users’ autofill information and account credentials. This additional information opens doors to an even wider range of attacks, including identity theft, online blackmail, and cyber extortion.”
The study showed that as many as 99% of the stolen cards included additional data, such as the victim’s name, computer files, and saved credentials.
Malware as a service: A cybercriminal’s payday
Cybercriminals use malware as a service, or subscription-based malware tools, for information theft. They function like your regular subscription — you pay a fee, and you get access to various data-stealing features.
“Malware is often used as a ‘weapon of mass infection’ because the results are reproducible at scale, even for relatively unskilled people. The payment card thieves are not ‘cyber’ criminals in the first place — they are criminals that have found a new tool to do what they would have done anyway,” says Warmenhoven.
Malware as a service is available to buy for as little as $100-150 per month from specialized dark web marketplaces. The providers of malware go the extra mile to support their customers, often providing extensive guidance, user guides, and dedicated forums where newbies can get help.
Spotlight on Redline — a cybercriminal’s top choice
The research revealed that six out of 10 payment cards (60%) were stolen using a sophisticated stealer, Redline.
Warmenhoven explains, "Redline is a significant threat due to its affordability, effectiveness, and accessibility. It's easily deployed through social engineering, continually adapts to evade detection, and is supported by dedicated Telegram channels, making it especially dangerous and accessible to novice cybercriminals."
Redline infiltrates devices via various methods that demand vigilance, such as phishing emails, exploitation of software vulnerabilities, deceptive ads, and compromised public USB ports. Sophisticated techniques like man-in-the-middle and remote code attacks are also employed to deliver malware directly.
The unfortunate fact is that stolen data is sold and used incredibly quickly — often in a matter of hours. Cybercriminals know that the quicker they exploit the stolen payment card details, the higher the chance their fraudulent transactions will go through.
Visa cards and American users are the most targeted in widespread payment card theft
All payment cards are at risk of theft. However, payment cards from the most popular providers may be stolen more often because more people use them. The research showed that over half (54%) of the 600,000 cards were Visa, and a third (33%) were Mastercard cards.
Payment card theft is particularly rampant in the U.S., with most stolen payment card details coming from American users. However, payment card theft also severely impacts users in several other countries, such as Brazil, India, Mexico, and Argentina.
How to build a strong defense against malware
Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, offers these essential tips to enhance online security and safeguard against malware:
Learn to spot phishing: Phishing emails and texts are often responsible for malware infections. Knowing the most common signs of phishing is crucial.
Use strong passwords: Creating long, complex, and unique passwords helps protect your accounts. For easy and secure password management, consider using NordPass.
Secure accounts with MFA: Setting up multi-factor authentication on your accounts adds an extra layer of security, which can prove incredibly useful if someone gets hold of your credentials.
Avoid shady downloads: Avoid downloading software, apps, or updates from unofficial sources — get them from app stores or official websites instead.
Use NordVPN’s Threat Protection Pro: It blocks dangerous sites and scans files during download to prevent malware infections.
Use dark web monitoring tools: Dark Web Monitor continuously scans the dark web for your credentials and sends an alert if your email appears in a leaked database.
METHODOLOGY
The research was conducted by NordStellar, a threat exposure management platform from the creators of NordVPN. NordStellar researchers analyzed stolen card data for sale on hacker Telegram channels to understand how this information was obtained.
The research reviewed various data points, such as when the incident occurred, the providers of the stolen cards, the data harvested alongside the payment card, the type of malware used, the country of the incident, and the targeted operating system (OS). The research took place in April 2024.
Please note: No individual payment card details or user credentials were accessed or purchased during this research. The researchers only analyzed the metadata that comes with stolen data listings on specialized Telegram channels and dark web marketplaces.
ABOUT NORDVPN
NordVPN is the world’s most advanced VPN service provider, chosen by millions of internet users worldwide. The service offers features such as dedicated IP, Double VPN, and Onion Over VPN servers, which help to boost your online privacy with zero tracking. One of NordVPN’s key features is Threat Protection Pro, a tool that blocks malicious websites, trackers, and ads and scans downloads for malware. The latest creation of Nord Security, NordVPN’s parent company, is Saily — a global eSIM service. NordVPN is known for being user friendly and can offer some of the best prices on the market. This VPN provider has over 6800 servers covering 111 countries worldwide. For more information, visit https://nordvpn.com.