More Than 31,000 Compromised Credentials Circulate on Telegram and Dark Web
Cybercriminals are sharing over 31,000 Australian banking passwords online. The ABC confirmed the leak includes details from all Big Four banks.
Cyber intelligence researchers uncovered the credentials of 14,000 CommBank, 7,000 ANZ, 5,000 NAB, and 4,000 Westpac customers. These details appear on Telegram and dark web forums.
Figure 1: Thousands of Australian banking details stolen
Infostealer Malware Behind Widespread Theft
Australian cybersecurity firm Dvuln discovered the leak. The firm linked the stolen passwords to infostealer malware infections.
“This is not a vulnerability in the banks,” said Dvuln founder Jamie O’Reilly. “These are customer devices that have been infected.”
Infostealer malware extracts banking credentials and delivers them directly to criminals. It mainly infects Windows systems and captures sensitive data.
The malware collects passwords, credit card details, crypto wallets, browser cookies, autofill data, and more.
Impact Extends Beyond Banking Accounts
Cybersecurity expert Leonid Rozenberg from Hudson Rock said victims face serious risks.
“Threat actors can use the bank account to link to some kind of payment system, to transfer funds, or for money laundering,” he said.
Rozenberg also explained that malware steals broader personal data.
“We see that the average [infostealer] victim has between 200 [and] 300 account [details] stored inside the browser,” he said.
These may include PayPal, e-commerce platforms, or accounts used to move money internationally.
Infections Date Back Years but Remain Useful to Hackers
Dvuln found some infected devices dated back to 2021. These credentials still hold value for cybercriminals.
“We have been able to compromise even some ASX-listed companies, in a controlled scenario, with four- or five-year-old passwords,” said O’Reilly.
Theft Often Remains Hidden
Despite the scale of infections, public reports of related fraud remain limited.
“There may be a large number of fraud attacks happening against individuals and businesses… but there’s been no public attribution because it’s very difficult to trace back to a specific malware infection,” O’Reilly said.
“A lot of this crime, on an individual level, goes unreported.”
Global Trend Reaches Alarming Scale
Hudson Rock recorded over 58,000 infected devices in Australia. Globally, infections have topped 31 million.
In 2018, there were just 135,000 infections worldwide. The current figure reflects a 200-fold increase.
Cybersecurity firm KELA estimates infostealers have stolen at least 3.9 billion passwords worldwide.
Online Trade of Stolen Data Thrives
O’Reilly monitors about 100 Telegram groups where criminals trade stolen credentials.
“You can pay $US400 and every month, as this gang continues to steal more passwords and infect more computers… You may get 100,000 to 200,000 new logs from 100,000 to 200,000 infected computers from all around the world, not just Australia,” he said.
That cost equals roughly $626. It translates to less than one cent per infected device.
Some Telegram groups offer lifetime access for between US$3,000 and US$10,000.
Criminals sometimes give data away for free to attract buyers.
“The criminals have so many passwords and so much data that they give away thousands and thousands of credentials just to entice new criminal customers to come and buy the private information,” he said.
Figure 2: Banking details are being sold on Telegram Channels
Windows Devices Remain Prime Targets
Over 90 per cent of infostealer infections affect Windows systems.
Rozenberg attributed the skew to widespread Windows use, not a security flaw.
“Still, today, in 2025, most of the people they’re using Windows devices,” he said.
“So [attackers] mostly develop infostealers for Windows,” he added.
Protecting Against Infostealers Requires Strategic Measures
Experts advise using a secure, clean device when changing passwords. Changing them on a device that is still infected exposes the new passwords as well.
“It’s the equivalent of changing your locks while the burglars are still in your house,” O’Reilly said.
Multi-factor authentication can help, but it does not guarantee protection.
“If you do have someone’s active access token, a lot of the time you can actually bypass their MFA,” O’Reilly said.
O’Reilly urged users to rotate passwords, use MFA, and keep systems updated.
“Research does show that up to 50 per cent of devices infected with infostealer malware have antivirus,” he said.
“But what a lot of people don’t talk about is the fact that either the operating system or the antivirus itself isn’t kept up to date,” he added.
Avoid Shared Devices for Banking Access
O’Reilly warned against using shared or family computers for sensitive tasks.
“One of the most common ways… [is] Minecraft mods or cracked software, which is software that you would typically have to pay license fees for,” he said.
“If you’ve got banking credentials or highly sensitive information on your computer, keep that separate from the computer your children are using,” he advised.
A Growing Cybersecurity Challenge
O’Reilly hopes the findings encourage public awareness.
“Nothing is 100 per cent unhackable, but there are strategies that people can use at home to make it much harder for criminals to get their information in the first place,” he said.