Mysterious malware stole 26 million passwords from Windows PCs


Researchers have discovered yet another massive trove of sensitive data: a dizzying 1.2 TB database containing login credentials, browser cookies, and autofill data extracted by malware that has not yet been identified.

In all, researchers from NordLocker said Wednesday, the database contains 26 million login credentials, 1.1 million unique email addresses, more than 2 billion browser cookies, and 6.6 million files. In some cases, victims stored passwords in text files created with the Notepad application.

The stash also includes more than 1 million images and more than 650,000 Word and PDF files. In addition, the malware took a screenshot after infecting the computer and took a picture using the device’s webcam. The stolen data also came from applications used for messaging, email, games, and file sharing. The data was extracted from more than 3 million PCs between 2018 and 2020.

This discovery comes at a time when security breaches are flooding in and various types of malware are attacking large companies. In some cases, including the May ransomware attack on Colonial Pipeline, the hackers first used a stolen account to gain access. Many of these credentials are offered for sale online.

Alon Gal, co-founder and chief technology officer of security firm Hudson Rock, said that such data is usually first collected by stealer malware installed by attackers trying to steal cryptocurrency or commit a similar crime.

The attacker “may then try to steal the cryptocurrency, and once he has processed the information, he will sell it to groups that specialize in ransomware, data breaches, and corporate espionage,” Gal told me. “These stealers are capturing browser passwords, cookies, files, etc., and sending them to the [command and control server] of the attacker.”

NordLocker researchers said that there is no shortage of sources from which attackers can obtain such information.

“The truth is that anyone can access custom malware,” the researchers wrote. “It’s cheap, customizable, and can be found all over the web. Dark web advertisements for these viruses reveal more truth about the market. For example, anyone can get their own custom malware for as low as $100, and can even learn how to use stolen data. And customization does mean customization: advertisers promise that they can build a virus to attack almost any application the buyer needs.”

NordLocker could not identify the malware used in this case. Gal said that from 2018 to 2019, the most widely used malware included AZORult and, more recently, an information stealer known as Raccoon. Once infected, a PC will periodically send the stolen data to the command and control server operated by the attacker.

In total, the malware collected account credentials for nearly 1 million websites, including Facebook, Twitter, Amazon, and Gmail. Of the 2 billion cookies extracted, 22% were still valid at the time of discovery. These files can be used to piece together the habits and interests of the victim, and if a cookie is used for authentication, the person’s online account can be accessed. NordLocker provides more data here.

People who want to determine whether their data was swept up by the malware can check the Have I Been Pwned breach notification service, which just uploaded a list of stolen accounts.

This story originally appeared on Ars Technica.

