Banking Passwords Stolen from Australians

Nikita Shekhawat
Nikita Shekhawat

Marketing Analyst

 
April 29, 2025 4 min read

More than 31,000 passwords belonging to Australian customers of the Big Four banks have been shared among cybercriminals online, often at no cost. An investigation by cyber intelligence researchers revealed that credentials from at least 14,000 Commbank customers, 7,000 ANZ customers, 5,000 NAB customers, and 4,000 Westpac customers are available through platforms like Telegram and the dark web. This follows recent attacks targeting Australian superannuation funds where hackers exploited leaked passwords to access members' accounts. A screenshot of a website selling stolen data, an ANZ website is highlighted. The Australian firm Dvuln, which discovered this issue, indicated that the passwords were stolen directly from users' devices infected with infostealer malware. Jamie O'Reilly, Dvuln's founder, clarified, "This is not a vulnerability in the banks; these are customer devices that have been infected." Infostealer malware is designed to infect devices, collect valuable data, and send it to criminals. This type of malware primarily targets Windows computers and can capture not only passwords but also credit card information, cryptocurrency wallets, and browser data. A graphic depicting a computer infected with malware for a story about stolen banking passwords.

Risks and Consequences of Infostealer Malware

Experts warn that exposed passwords pose a significant risk of theft. Leonid Rozenberg, a specialist in infostealer malware at Hudson Rock, stated, "Threat actors can use the bank account to link to some kind of payment system, to transfer funds, or for money laundering." The average victim of infostealer malware has between 200-300 stored account details, which could include various financial and e-commerce accounts. A screenshot of a website selling stolen data, the search tab shows 17,000 files mention Australia. Despite the rise in malware infections, there has been a surprising lack of publicized theft and fraud linked to this issue. O'Reilly explained that many fraud cases may go unreported due to the difficulty in tracing back to specific malware infections. He emphasized that "A lot of this crime, on an individual level, goes unreported."

Infostealer Malware: A Growing Threat

The usage of infostealers has surged dramatically, with Hudson Rock reporting over 58,000 infected devices in Australia and more than 31 million globally. This increase has resulted in a significant drop in the price of stolen passwords. O'Reilly monitors about 100 Telegram groups that trade data obtained through infostealers, many of which offer subscriptions for ongoing access to stolen credentials. A Telegram channel advertising For as little as $US400, criminals can gain access to hundreds of thousands of stolen credentials monthly. Many groups even provide free access to entice new customers, reflecting the abundance of stolen data available.

Protecting Yourself from Infostealer Malware

To safeguard against infostealer malware, it's essential to adopt proactive measures. Changing your password is ineffective if your device remains infected. The best approach is to change your passwords from a secure device. Multi-factor authentication (MFA) can provide additional security; however, attackers may also sell access tokens alongside stolen passwords. Key strategies for protection include:

  1. Update Software Regularly: Keeping both your operating system and antivirus software updated is critical. Research indicates that many infected devices have outdated security measures in place.
  2. Beware of Shared Devices: If sensitive information is stored on a family computer, ensure that only trusted users access it. Infections can spread through various means, including phishing attacks and downloading unverified software.
  3. Educate Yourself on Malware Risks: Understanding how malware operates can help you avoid common pitfalls, such as downloading from dubious websites or clicking on unknown links.

Cybersecurity Tips for Financial Accounts

Proactive measures are crucial for securing financial accounts. Cybercriminals are constantly seeking opportunities to access personal finances. It's vital to implement several strategies to mitigate risks:

  1. Enable Multi-Factor Authentication (MFA): This adds an extra layer of security by requiring verification through multiple methods.
  2. Use Strong, Unique Passwords: Employ long, complex passwords for each account. Consider using a password manager to keep track of them.
  3. Be Wary of Scams: Always verify the source of communications before responding or clicking on links.
  4. Monitor Accounts Regularly: Frequently check for unusual transactions and set up alerts for large withdrawals.
  5. Secure Your Devices: Ensure devices are protected with strong locks and that software updates are enabled.

For marketers in the cybersecurity space, leveraging tools like GrackerAI can streamline content creation and enhance strategic marketing efforts. GrackerAI helps organizations identify emerging trends, monitor threats, and produce relevant content that resonates with cybersecurity professionals. Explore GrackerAI's services at https://gracker.ai to elevate your cybersecurity marketing initiatives.

Latest Cybersecurity Trends & Breaking News

TufinAI: Revolutionizing Network Security 'Slopsquatting' and Other New GenAI Cybersecurity Threats

Nikita Shekhawat
Nikita Shekhawat

Marketing Analyst

 

Data analyst who identifies the high-opportunity keywords and content gaps that fuel GrackerAI's portal strategy. Transforms search data into actionable insights that drive 10x lead generation growth.

Related Articles

Top 7 Tools to Help SaaS Companies Find High-Intent Leads
SaaS lead generation

Top 7 Tools to Help SaaS Companies Find High-Intent Leads

Explore the top 7 tools to help SaaS companies find high-intent leads, boost conversions, and streamline customer acquisition with smarter targeting.

By Abhimanyu Singh December 5, 2025 5 min read
Read full article
AI Chat with PDF: A Practical Guide for AEO-Focused Marketers and Visibility Strategists
AI Tools

AI Chat with PDF: A Practical Guide for AEO-Focused Marketers and Visibility Strategists

Learn how AEO and GEO marketers use AI Chat with PDF tools to extract insights, structure Q&A content, analyze competitors, and boost AI visibility with Gracker.

By Mohit Singh Gogawat December 5, 2025 5 min read
Read full article
Stop Bleeding Leads: The Cybersecurity Marketing ROI Audit B2B SaaS Can't Ignore
cybersecurity marketing ROI

Stop Bleeding Leads: The Cybersecurity Marketing ROI Audit B2B SaaS Can't Ignore

Discover how B2B SaaS companies can stop wasting marketing dollars and boost ROI with a comprehensive cybersecurity marketing audit. Identify leaks, optimize strategies, and drive lead generation.

By Deepak Gupta December 5, 2025 11 min read
Read full article
How Social Media Aggregators Drive B2B Engagement and SEO Results
social media aggregators

How Social Media Aggregators Drive B2B Engagement and SEO Results

Learn how social media aggregators drive B2B engagement, boost SEO rankings, build trust with social proof, and enhance brand visibility.

By Ankit Agarwal December 4, 2025 3 min read
Read full article