Infostealers Harvest Over 30,000 Australian Banking Credentials

The banking credentials of more than 30,000 Australians have been harvested by infostealers, according to Dvuln researchers.

The pen-testing firm conducted an analysis of infostealer logs between 2021 and 2025, which identified the individual banking credentials for customers across four major Australian banks.

For each of the banks, which Dvuln has not named, a steady increase in the number of stolen credentials was observed from 2021 to 2023, before a small decline in 2024.

The findings highlight the growing impact of infostealers on the cybercrime landscape. The use of infostealers enables threat actors to gain unauthorized access to various services without breaching the institutions themselves.

In the financial sector, this facilitates malicious activities such as account takeovers, fraudulent transactions and identity-based financial fraud.

As a result of this trend, sectors such as finance must not only defend their own networks but also ensure the integrity of customer accounts that interact with their digital assets.

“Infostealer malware represents one of the most pervasive yet underreported threats facing Australia’s financial sector,” the researchers warned.

The Rise of Infostealers

Infostealers are malware variants designed to infect consumer devices to harvest credentials, authentication cookies and financial information.

This stolen data is sold on cybercrime marketplaces, allowing access brokers to obtain initial access to organizations or individual user accounts.

Often, once access is established, it is packaged and sold to ransomware operators or other threat actors who require enterprise infiltration points. This sale can include detailed intelligence, such as system architecture, endpoint security and potential lateral movement paths.

“The modern infostealer economy is a mature and segmented marketplace, with distinct criminal roles collaborating to harvest, distribute and monetize stolen data at scale,” the researchers noted.

Modern Infostealers Bypassing Traditional Controls

The researchers warned that modern infostealers have evolved beyond simple password theft and can now bypass multi-factor authentication (MFA).

This is because they can now capture authentication cookies that can be used to access a user’s already-authenticated session.

As MFA checks typically occur only at initial login, subsequent actions are authorized via cookies or tokens. When infostealers harvest these tokens, they are stealing authentication that has already passed MFA verification.

“This creates a critical security gap that criminals are increasingly exploiting and highlights the need for more robust application security controls such as token-based continuous access evaluation,” the report stated.

The researchers added that traditional security controls designed to defend against direct attacks on organizational infrastructure are ineffective against the infostealer model.

They set out the following actions for financial institutions to tackle this threat:

  • Enhance controls beyond MFA, such as implementing continuous access evaluation for user sessions
  • Step up authentication for high-risk transactions even within authenticated sessions
  • Create processes to identify and invalidate potentially compromised authentication tokens
  • Develop targeted customer awareness campaigns about the risks of infostealer malware
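
The first three recommendations above can be sketched as a per-request session check. This is an added example, not code from the Dvuln report or from any bank; the field names, action names, five-minute step-up window and the device and network signals are assumptions chosen for illustration.

```python
import time
from dataclasses import dataclass

STEP_UP_MAX_AGE = 300  # seconds an MFA proof stays fresh (assumed value)
# Assumed names for actions a bank would treat as high risk.
HIGH_RISK = {"add_payee", "external_transfer", "change_contact_details"}

@dataclass
class Session:
    token_id: str
    device_fp: str       # device fingerprint recorded at login (hypothetical field)
    network: str         # network label recorded at login (hypothetical field)
    last_step_up: float  # epoch seconds of the last MFA challenge passed

REVOKED = set()  # token ids invalidated, e.g. after being seen in an infostealer log

def revoke(token_id):
    """Invalidate a token suspected of compromise."""
    REVOKED.add(token_id)

def evaluate(session, action, device_fp, network, now=None):
    """Evaluate every request, not just login: 'allow', 'step_up' or 'deny'."""
    now = time.time() if now is None else now
    if session.token_id in REVOKED:
        return "deny"
    # Policy: a cookie presented from a device other than the one that
    # logged in is treated as replayed, so the token is killed outright.
    if device_fp != session.device_fp:
        revoke(session.token_id)
        return "deny"
    # A new network alone is ambiguous (travel, mobile data): re-challenge.
    if network != session.network:
        return "step_up"
    # High-risk actions need a recent MFA proof even inside a valid session.
    if action in HIGH_RISK and now - session.last_step_up > STEP_UP_MAX_AGE:
        return "step_up"
    return "allow"

if __name__ == "__main__":
    # Constructed sample session: logged in with MFA at t=1000.
    s = Session("t1", "fpA", "AS1", last_step_up=1000.0)
    print(evaluate(s, "view_balance", "fpA", "AS1", now=1100.0))
    print(evaluate(s, "external_transfer", "fpA", "AS1", now=2000.0))
    print(evaluate(s, "view_balance", "fpB", "AS1", now=2000.0))
```

The point of the sketch is that the MFA result is re-examined on each request, so a stolen cookie no longer carries the login's MFA proof with it indefinitely.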