Binance Blog published a new article, addressing concerns about recent reports of Binance user credentials appearing on the dark web. The article clarifies that these incidents are not due to a breach of Binance systems but are instead linked to malware-infected devices. This type of malware, known as InfoStealer, is increasingly targeting browser-stored credentials across various industries, including cryptocurrency. Binance emphasizes the importance of user vigilance, as the company actively monitors such incidents, notifies affected users, and assists them in securing their accounts.
In recent days, claims have emerged suggesting a potential data breach at Binance, based on the appearance of user credentials on dark web forums. However, Binance's internal investigations have found no evidence of any compromise within its systems. The credentials in question appear to have been harvested from malware infections on individual user devices. These infections are carried out by actors operating in dark web markets, using InfoStealers to extract data from compromised browsers. Binance's security team continuously monitors dark web sources and malware campaigns to identify potential threats. When credentials linked to Binance accounts are detected, the company takes immediate action, including initiating password resets, revoking active sessions, and guiding affected users through account recovery.
The threat of InfoStealer malware extends beyond crypto platforms, posing a broader cybersecurity challenge. According to Kaspersky, over 2 million bank card details were leaked last year due to these malware campaigns, and the number continues to grow. Binance's internal data reflects this trend, showing a significant increase in the number of users whose credentials or session data have been compromised by InfoStealer infections. These infections typically affect personal devices where credentials are saved in browsers or auto-filled into websites, rather than originating from Binance itself.
InfoStealers are a category of malware designed to extract sensitive data from infected devices without the victim's knowledge. This includes passwords, session cookies, crypto wallet details, and other valuable personal information. These tools are widely available through the malware-as-a-service model, allowing cybercriminals to access advanced malware platforms for a subscription fee. Once stolen, data is sold on dark web forums, Telegram channels, or private marketplaces. The damage from an InfoStealer infection can lead to identity theft, financial fraud, and unauthorized access to other services, especially when credentials are reused across platforms.
To protect against InfoStealer malware, Binance advises users to employ antivirus and anti-malware tools, enable two-factor authentication, avoid saving passwords in browsers, and download software only from official sources. Keeping operating systems, browsers, and applications up to date is crucial, as is periodically reviewing authorized devices in Binance accounts. Users should also use unique credentials for each account and update them regularly. If malware infection is suspected, immediate action should be taken to change passwords, lock accounts, and report through official Binance support channels. Staying informed and adopting strong security habits are essential in reducing exposure to threats like InfoStealer malware.
