
More than 31,000 online banking credentials belonging to Australian customers of the country's Big Four banks are circulating on messaging platform Telegram and the dark web -- often shared for free, according to cybersecurity experts.

Cyber intelligence firm Dvuln uncovered the breach, revealing that the credentials include passwords from at least 14,000 Commbank customers, 7,000 ANZ users, 5,000 NAB clients, and 4,000 from Westpac, reported ABC.

Despite the fraud prevention systems in place at Commonwealth Bank, ANZ, NAB, and Westpac, security analysts warn that victims face a real risk of financial loss.

The stolen data was traced back to infostealer malware -- malicious software that secretly infected devices and funneled sensitive information back to cybercriminals.

Infostealers mainly target Windows-based systems and can extract passwords, credit card details, cryptocurrency wallets, browser cookies, autofill data, and more. Some of the malware dates as far back as 2021, but remains valuable as it continuously captures updated information.

Dvuln co-founder Jamieson O'Reilly said cybercriminals were shifting away from noisy ransomware attacks and instead quietly infecting devices for long-term data harvesting, News.com reported.

Experts warn of "the silent heist"

Leonid Rozenberg, a malware expert at cybersecurity firm Hudson Rock, warned that stolen banking credentials can be used not only for direct theft, but also for linking to payment systems and laundering money. He added that the threat goes far beyond financial accounts.

O'Reilly warned: "If your computer is infected, it's not just your banking credentials. It's your whole personal identifiable information, your digital life."

Hudson Rock estimated over 58,000 infected devices in Australia and 31 million globally. Cyber firm KELA recently reported that at least 3.9 billion passwords have been stolen worldwide through infostealers -- a method the Australian Signals Directorate calls "the silent heist."

"Back in 2018 it was only 135,000 infections and today, we're speaking about 31 million," Rozenberg said.

The staggering increase, which amounted to more than 200-fold in recent years, has driven down the black market value of stolen passwords to remarkably low levels.

O'Reilly, who tracks around 100 Telegram channels where cybercriminals trade data harvested by infostealers, says many operate on a subscription basis.

"You can pay $US400 and every month, as this gang continues to steal more passwords and infect more computers... you may get 100,000 to 200,000 new logs from 100,000 to 200,000 infected computers from all around the world, not just Australia," he said.

That's about AU$626 at current exchange rates -- less than a cent per infected device. Some Telegram groups offer "lifetime access" to stolen data for between US$3,000 and US$10,000, while in some cases, the data is shared for free.

Guard your data: Infostealers are watching

O'Reilly stressed the need for Australians to improve their cybersecurity awareness and move beyond outdated ideas of traditional scams. His advice:

  • Changing passwords alone isn't enough if done on an already infected device.
  • Always change passwords from a clean, secure device.
  • Multi-factor authentication (MFA) helps but isn't foolproof -- attackers can also steal cookies and access tokens.
  • Regularly update your operating system and antivirus software -- this is your first line of defense.
  • Avoid using the same computer for sensitive tasks and casual or family use.
  • Infostealers are often spread through phishing emails, malicious ads, torrents, pirated software, and gaming mods.
  • Be especially cautious with cracked software and unofficial game mods, which are commonly used to hide malware.
  • Use separate devices for banking and other sensitive tasks, especially if children use the family computer.