The Rise of Infostealer Malware: Insights from NordVPN's Latest Research
In an alarming new study released by NordVPN, a leading personal security service provider, findings show that a staggering amount of data has been compromised by malware targeting online platforms. Specifically, the research centers around 'Infostealer' malware, which has been discovered to impact over 500 million data entries globally, raising urgent security concerns for modern families.
Understanding the Malware Threat
NordVPN's investigative research, conducted through its threat exposure management platform, NordStellar, analyzed extensive logs from Infostealer malware identified during the year 2025. The data revealed that everyday services such as online shopping, social media, and children's digital games are prime targets for cybercriminals. The most concerning finding is that a single suspicious file download can infect an entire family-shared computer, putting sensitive payment information at risk.
Research Details
- Target Domains: The investigation focused on the top 10,000 domains frequently detected in Infostealer logs.
- Data Analyzed: Approximately 500 million identified Infostealer logs across the globe were analyzed.
- Study Period: January 1, 2025, to December 31, 2025.
What is Infostealer?
Infostealer is a type of malware designed to secretly collect sensitive information such as passwords, cookies, and financial data from infected devices and send it to cybercriminals. It exists in hundreds of variants and operates as malware-as-a-service (MaaS) within criminal groups. The research shocked experts by revealing that about 99% of the identified victims were Windows users, primarily due to Windows's widespread use and compatibility with various browsers and games.
Targeted User Groups
The study identified three distinct user groups who are at higher risk of falling victim to Infostealer malware:
1. General Internet Users (Most Affected)
This group prioritizes convenience and frequently uses web services. Among them, social media users were the most affected. Data breaches on platforms like Facebook and Instagram reached around 65 million instances, while streaming services like Netflix and online shopping sites such as Amazon recorded breaches of approximately 28 million and 26 million instances, respectively. The ease of access to emails and payment services due to stolen session information exacerbates the extent of these breaches.
2. Game Platform Users
More than 53 million breaches were identified among users of game platforms. Their PCs often feature game launchers like Steam and popular titles such as Fortnite and Minecraft. The main infection routes included 'risky downloads' from cracked games, cheat tools, and unofficial launchers. Young users, in particular, face high risks due to widespread use of shared family PCs, which makes it easier for a single infected file to jeopardize payment information linked to their accounts.
3. System Administrators
Approximately 27 million breaches were identified among system administrators using development and management tools. Their environments differ from those of general users, making them targets for significant data breaches. Tools like ID management portals and cloud platforms are particularly vulnerable. If PCs used in engineering and system management are infected, attackers may gain access to internal systems, leading to supply chain attacks.
Recommended Defense Measures from NordVPN's CTO
Marius Broniadis, CTO of NordVPN, recommends three essential defense strategies to prevent Infostealer attacks:
1. Prioritize Protection of Critical Accounts
Strengthening the security of accounts linked to essential services, such as email and ID management accounts, is crucial. Activating multi-factor authentication (MFA) and implementing passkey technology is advised, along with securing accounts related to banking, online shopping, and business services.
2. Review Saved Data and Update Operating Systems
Users should regularly review their browser usage and saved passwords. Any unknown active sessions should be logged out immediately. It's also vital to keep operating systems and browsers updated to avoid vulnerabilities.
3. Beware of Unofficial Downloads
Stay vigilant against 'too good to be true' offers found online. Software that disables security features or bypasses system alerts, as well as unofficial launchers or cracked software, are direct gateways to malware infections.
Closing Thoughts
In Marius Broniadis's words, "The analysis has highlighted three clear user groups that are particularly vulnerable to malware infections. Regardless of your expertise level, such attacks can impact anyone. Infostealer targets predictable behaviors, and the more convenient devices are in storing information, the more data can be stolen in a breach. Minimizing the amount of leaked information, even if devices are compromised, is a valid defensive strategy."
About NordVPN
NordVPN is a cutting-edge VPN service provider with millions of users worldwide. With over 8,200 servers in 165 cities across 127 countries, it offers various features designed to enhance online privacy without tracking. One of its key offerings, Threat Protection Pro, provides malware scanning along with blocking malicious websites, trackers, and ads. NordVPN has also launched 'Saily,' a global eSIM service designed for travelers, simplifying data use abroad without the need for local SIM purchases.
Company Overview
- Company Name: NordVPN
- Headquarters: Fred. Roeskestraat 115 1076 EE Amsterdam, Netherlands
- Japanese Representative: Taku Obara