Over 31,000 Australian Bank Passwords Leaked: All You Need to Know and Do


Summary

In a troubling development for Australia’s financial and cybersecurity landscape, more than 31,000 passwords belonging to customers of the country’s Big Four banks—Commonwealth Bank, ANZ, NAB, and Westpac—have been found circulating online, including on Telegram and the dark web.

The stolen credentials were not the result of a breach within the banks themselves, but rather the consequence of infostealer malware infections on individual users’ devices. According to cybersecurity experts, these types of malware silently extract data such as banking credentials, credit card numbers, browser data, and more—then ship it off to cybercriminal groups who trade, sell, or give it away online.

What Happened?

Cyber intelligence firm Dvuln discovered that infostealer malware had infected thousands of devices, extracting sensitive information directly from users’ computers. Unlike traditional hacking methods that target bank systems, this malware infiltrates personal devices, harvesting data such as passwords, credit card details, and browser information.

Infostealers, as their name suggests, are a class of malware designed to silently infiltrate a system and exfiltrate as much useful information as possible. According to Dvuln founder Jamie O’Reilly, this malware can harvest hundreds of saved credentials per victim, ranging from bank accounts to PayPal, crypto wallets, and online shopping platforms.

The investigation found that even old, previously infected machines are valuable to attackers. Some passwords in the leaked logs were four to five years old, but still worked on live systems and services. This highlights the long-term risks of not updating passwords or reviewing saved credentials on personal devices.

Key Facts

  • Affected Banks: Commonwealth Bank (~14,000 customers), ANZ (~7,000), NAB (~5,000), and Westpac (~4,000).
  • Malware Used: Infostealer malware, which silently collects data from infected devices.
  • Platforms for Data Trade: Telegram channels and dark web forums.
  • Scope of Infection: Over 58,000 devices in Australia have been compromised.
  • Global Impact: Nearly 26 million devices were compromised by infostealer malware across 2023 and 2024, leading to the leak of more than 2 million unique bank card details.
  • Validity of Leaked Data: Approximately 95% of the leaked bank card numbers were deemed “technically valid,” indicating a substantial potential for financial fraud.

What Data Was Leaked?

The infostealer malware extracted a wide range of sensitive information, including:

  • Banking Credentials: Usernames and passwords for online banking accounts.
  • Credit Card Information: Card numbers, expiration dates, and CVV codes.
  • Personal Data: Names, addresses, and contact details.
  • Browser Data: Cookies, autofill information, and browsing history.

This comprehensive data collection enables cybercriminals to bypass security measures and gain unauthorized access to various accounts.

What is the Risk?

Infostealer malware is dangerous not just because of what it takes, but how silently and deeply it operates. From a cybersecurity perspective, this type of malware is a highly effective tool in the hands of criminals because it exploits both technology and human behavior.

Here’s how it typically plays out — and why it matters to you.

Step 1: Delivery (It All Starts with a Click)

Attackers often deliver infostealers through phishing emails, fake software downloads, or malicious websites. This stage is called “delivery” in the cyber kill chain — a model used by security professionals to track the steps of an attack.

In most cases, the user doesn’t even realize they’ve clicked on something harmful. The malware installs quietly in the background, requiring no further interaction.

Step 2: Exploitation (The Malware Gets to Work)

Once it lands on a device — usually a Windows computer — the malware starts scanning your system for valuable data. This includes:

  • Saved passwords (from browsers or apps)
  • Credit card details
  • Cryptocurrency wallets
  • Cookie sessions (which help bypass MFA)
  • Login credentials for banking, email, PayPal, e-commerce sites, etc.

This is the exploitation and installation phase of the kill chain. The malware often disguises itself or deletes its own traces to avoid detection by antivirus software.

Step 3: Exfiltration (Data Is Sent to Criminal Servers)

After stealing the data, the malware sends it back to the attacker’s servers. In security speak, this is called “exfiltration”. What’s scary is this happens automatically, usually within minutes of infection — and victims rarely notice anything.

Once the data is uploaded, criminals package it into logs and sell or trade it on forums like Telegram or the dark web.

Step 4: Weaponization and Use (The Real Damage Begins)

The attacker now has everything they need to impersonate you online or access your bank account. They might:

  • Use your cookies and browser sessions to bypass 2FA and access your bank or email
  • Use your login details to drain funds or launder money
  • Sell your identity data to other criminals for future fraud or synthetic identity creation

This is the final kill chain phase: “actions on objectives”, where the attack delivers real-world impact. In short: they don’t just steal the data—they use it.

So What’s the Real Risk?

The risk is twofold:

  1. Immediate financial loss — If a bank account, PayPal, or crypto wallet is accessed.
  2. Long-term exposure — Even if your money is safe today, your information might be used or sold repeatedly across different platforms for years.

This is not just a one-time threat, but an ongoing privacy breach that could haunt you if not addressed properly.

How to Protect Yourself: Immediate and Long-Term Steps

If you think your data might have been leaked, don’t panic — but do act fast. Here’s what you should do right now:

Immediate Actions (Do These Right Now)

If you suspect your device is infected or your bank credentials may have been leaked, these are the first steps you should take immediately:

1. Change Your Bank Passwords (Now):
Log in to your online banking accounts and change your passwords straight away. Make them strong, unique, and don’t reuse them anywhere else.

2. Turn On Security Features on your Bank Account:
If your bank or email provider offers 2FA, enable it. This adds a second step to logging in, like a code sent to your phone.

  • How to Enable Security Settings on ANZ Bank
  • How to Enable Security Settings on Westpac
  • How to Enable Security Settings on NAB

3. Check for Malware on Your Devices:
Run a full malware scan using a trusted antivirus program. If anything suspicious is found, remove it and restart your device.

Here are some guides:

  • How to Scan your Windows PC for Malware
  • How to Enable Security Settings on MacBook
  • How to Scan Android Device for Malware

4. Monitor Your Accounts Closely:
Check your banking and financial accounts for any unfamiliar transactions. If you see something suspicious, report it to your bank immediately.

5. Use a Data Leak Tool:
Check if your email, phone number, or accounts have been found in public data breaches.

Long-Term Habits (To Stay Safe Ongoing)

  1. Isolate your Critical Accounts:
  2. Don’t Save Passwords in Your Browser:
    Browsers are a major target for infostealer malware. Use a password manager instead to store your credentials securely.
  3. Keep Software and Operating Systems Updated:
    Many malware infections happen because people delay updates. Turn on auto-updates for your browser, OS, and antivirus.
  4. Review and Revoke Unused Logins:
    Go through your banking, email, and app security settings to remove old sessions, devices, and third-party connections you no longer use.
  5. Check before you Click:
    Be skeptical of emails with links or attachments, especially ones claiming to be from your bank, service provider, or government. Always go to the official website manually.
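
An added example (not part of the original article): a small audit of an exported saved-logins file that flags passwords left unchanged for four or more years and passwords reused across sites, the two habits the article warns about. It assumes a CSV with `url`, `username`, `password` and `timePasswordChanged` (epoch milliseconds) columns, as in Firefox's logins export; the sample rows and `.example` hosts are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

STALE_YEARS = 4  # the article reports 4-5 year old passwords that still worked

# Constructed sample rows (not real data); only the columns used here are shown.
SAMPLE_EXPORT = '''"url","username","password","timePasswordChanged"
"https://bank.example","alice","Winter2019!","1561939200000"
"https://shop.example","alice","Winter2019!","1704067200000"
"https://mail.example","alice@mail.example","k3#Vq9-long-unique","1717200000000"
'''

def audit(csv_text, now, stale_years=STALE_YEARS):
    """Return (stale, reused).

    stale:  [(host, username, age_in_years)] for passwords older than the limit
    reused: [[host, host, ...]] groups of sites that share one password
    Passwords are compared in memory only and never returned or printed.
    """
    stale = []
    by_password = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = urlsplit(row["url"]).hostname or row["url"]
        # Assumed format: milliseconds since the Unix epoch.
        changed = datetime.fromtimestamp(
            int(row["timePasswordChanged"]) / 1000, tz=timezone.utc)
        age_years = (now - changed).days / 365.25
        if age_years >= stale_years:
            stale.append((host, row["username"], round(age_years, 1)))
        by_password[row["password"]].add(host)
    reused = sorted(sorted(h) for h in by_password.values() if len(h) > 1)
    return stale, reused

if __name__ == "__main__":
    stale, reused = audit(SAMPLE_EXPORT, datetime.now(timezone.utc))
    for host, user, age in stale:
        print(f"STALE  {host} ({user}): password unchanged for {age} years")
    for hosts in reused:
        print("REUSED same password on: " + ", ".join(hosts))
```

Delete the exported CSV once the audit is done, since it holds every saved password in plaintext.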

Want to dive deeper into personal online safety? Demysti5 offers tailored guides and tools for everyone—from parents and families, students, and senior citizens to remote workers, job seekers, and high net worth individuals.

Stay informed. Stay protected. Demysti5 it.
