Redline, Vidar and Raccoon Malware Stole 1 Billion Passwords in 2024
Specops 2025 Breached Password Report reveals over 1 billion passwords stolen by malware in the past year, exposing weak practices, malware trends, and security gaps.
Cybersecurity researchers at Specops are delivering a global wake-up call over a major password-related issue: over 1 billion passwords were stolen by malware in the past year. According to Specops Software’s 2025 Specops Breached Password Report, shared with Hackread.com ahead of its publication on Tuesday, millions of stolen passwords met standard complexity requirements. The report also highlights the prevalence of malware-stolen credentials, with over a billion found in the last 12 months.
The Report’s Key Findings:
- Despite meeting common complexity requirements (length, uppercase, numbers, symbols), 230 million stolen passwords were still compromised.
- Common weak passwords like “123456” and “admin” continue to plague systems, revealing a significant gap in user awareness and education.
- Common base terms like “qwerty,” “guest,” and “student” are frequently used as password foundations.
- Redline, Vidar, and Raccoon Stealer emerged as the top three credential-stealing malware, demonstrating the sophistication and persistence of these threats. These malware strains actively target and steal credentials from various sources, including web browsers, email clients, and even VPN clients.
- The “malware-as-a-service” model, where cybercriminals rent out these tools, has increased the accessibility and availability of these powerful attack vectors.
The report highlights the ongoing struggle that unsuspecting users and organizations face in addressing weak password practices, with end users still creating short, weak passwords despite knowing the risks.
Users often employ the same or slightly modified passwords across multiple accounts, including work, personal, and online services. This is a risky practice: reusing work passwords on personal devices and less secure platforms significantly increases the potential for compromise. A single breach on a less secure platform can compromise access to sensitive corporate systems, including Active Directory and VPNs.
Moreover, stolen credentials provide attackers with direct access to valuable data, including personal information, financial records, and corporate secrets. These credentials can be used to launch further attacks, such as phishing campaigns and more sophisticated breaches, enabling attackers to gain deeper access to organizational systems.
“The amount of passwords being stolen by malware should be a concern for organizations. Even if your organization’s password policy is strong and meets compliance standards, this won’t protect passwords from being stolen by malware.”
Darren James, Senior Product Manager – Specops Software.
Considering these dangerous implications, security experts recommend that organizations implement stronger password policies and regularly scan Active Directory for compromised passwords so they can be remediated immediately. Educating users about weak passwords and staying updated on threats and vulnerabilities to defend against emerging attacks are also essential. Lastly, implement Multi-Factor Authentication (MFA) to add an extra layer of security beyond passwords.
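The report's central point, that a password can satisfy complexity rules and still be compromised, can be seen in a small policy check. This is an added example, not code from the report or from Specops; the breached set is a constructed sample stored as SHA-1 digests, and the function names and substitution table are assumptions.

```python
import hashlib
import re

# Base terms and weak passwords named in the report's key findings.
BASE_TERMS = ("qwerty", "guest", "student", "admin", "123456")

# Constructed sample of a breached-password set, held as SHA-1 hex digests.
# A real deployment would load a maintained breached-password corpus instead.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("123456", "admin", "Qwerty123!", "Student2024#")
}

# Undo common character substitutions before searching for base terms.
LEET = str.maketrans("0134@5$7", "oieaasst")
CLASSES = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")


def meets_complexity(pw, min_len=8):
    """Typical complexity rule: length plus upper, lower, digit and symbol."""
    return len(pw) >= min_len and all(re.search(c, pw) for c in CLASSES)


def base_terms_in(pw):
    """Return base terms present in the raw or de-substituted password."""
    raw = pw.lower()
    folded = raw.translate(LEET)
    return [t for t in BASE_TERMS if t in raw or t in folded]


def is_breached(pw):
    """True if the password's digest is in the known-compromised set."""
    return hashlib.sha1(pw.encode()).hexdigest() in BREACHED_SHA1


def assess(pw):
    """Combine the three checks; complexity alone never grants acceptance."""
    result = {
        "complexity_ok": meets_complexity(pw),
        "breached": is_breached(pw),
        "base_terms": base_terms_in(pw),
    }
    result["accept"] = (result["complexity_ok"]
                        and not result["breached"]
                        and not result["base_terms"])
    return result


if __name__ == "__main__":
    for candidate in ("Qwerty123!", "Gu3st!Pass2025", "river-Lamp-42-cobalt"):
        print(candidate, assess(candidate))
```

None of these checks helps once a unique, strong password is taken from an infected device, which is why the article pairs scanning for compromised passwords with MFA.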