Tue 29 April 2025:
More than 31,000 stolen Australian banking passwords are being traded online by cybercriminals, local media reported Tuesday.
A probe conducted by cyber intelligence researchers revealed that login credentials for Australia’s four major banks are being circulated on the messaging app Telegram and the dark web, posing a significant risk of fraud, according to the Australian Broadcasting Corporation (ABC).
The credentials were stolen from personal devices through “infostealer” malware, according to Australian cybersecurity firm Dvuln, which made the discovery.
Some of the compromised devices were infected as early as 2021 and remain vulnerable to attacks, said Dvuln founder Jamie O’Reilly.
Globally, over 31 million devices have been infected by infostealer malware, with more than 58,000 devices affected in Australia alone when counting all types of infected devices, according to cybersecurity company Hudson Rock.
Earlier this month, it was also reported that Australian superannuation funds had been targeted by cyberattacks, during which stolen passwords of 600 members were used in attempts to access accounts and commit fraud.
__________________________________________________________________________
https://whatsapp.com/channel/0029VaAtNxX8fewmiFmN7N22
__________________________________________________________________________
Australia’s cyber attack history has escalated over the past few decades, driven by its digital economy and geopolitical tensions. In the early 2000s, cybercrime was mostly small-scale, with phishing and basic malware targeting individuals. By 2018, the Australian National University suffered a sophisticated breach, exposing 200,000 people’s data via spear-phishing, undetected for months.
2022 marked a turning point. The Optus breach compromised 9.8 million customers’ personal details, including passports, through an unsecured API—potentially the worst in Australian history. Weeks later, Medibank’s hack by the REvil ransomware gang leaked 9.7 million customers’ sensitive health data on the dark web, with a $10 million ransom demand unmet. Both exposed systemic cybersecurity gaps, sparking public outrage and policy debates.
In 2023, Latitude Financial’s breach hit 14 million, revealing outdated data retention practices. 2024 saw MediSecure’s ransomware attack, affecting 12.9 million with stolen health records. Superannuation funds, like AustralianSuper, faced credential-stuffing attacks in 2025, with $500,000 stolen from members.
State-sponsored actors, often linked to China or Russia, have targeted government and critical infrastructure, like the 2020 attack attributed to a “sophisticated state-based actor.” Cybercrime reports surged 13% by 2022, with attacks every six minutes. Australia’s response includes the 2024 Cyber Security Bill and increased funding, but experts warn businesses must bolster defenses as threats grow.
SOURCE: INDEPENDENT PRESS AND NEWS AGENCIES
__________________________________________________________________________
FOLLOW INDEPENDENT PRESS:
WhatsApp CHANNEL
https://whatsapp.com/channel/0029VaAtNxX8fewmiFmN7N22
TWITTER (CLICK HERE)
https://twitter.com/IpIndependent
FACEBOOK (CLICK HERE)
https://web.facebook.com/ipindependent
YOUTUBE (CLICK HERE)
https://www.youtube.com/@ipindependent
Think your friends would be interested? Share this story!
