Malware can use massive trove for ransomware, espionage, and more.
Researchers have uncovered another large trove of sensitive data: a 1.2TB database holding login credentials, browser cookies, autofill information, and payment data stolen by malware that has yet to be identified.
In all, the researchers from NordLocker reported on Wednesday, the database includes 26 million login credentials, 1.1 million email addresses, more than 2 billion browser cookies, and 6.6 million files of various kinds. In some cases, victims had stored passwords in text files saved with the Notepad application.
The cache also contained over 1 million images and more than 650,000 Word and PDF files. Furthermore, the malware took a screenshot after it infected the computer and took a picture using the device’s webcam. Stolen data also came from apps for messaging, email, gaming, and file-sharing. The information was collected between 2018 and 2020 from more than 3 million PCs.
The discovery comes amid a wave of security breaches involving ransomware and other types of malware targeting large companies. In many cases, including the May ransomware attack on Colonial Pipeline, the attackers first gained access using compromised accounts. Much of this personal information is readily available for sale online.
Alon Gal, co-founder and CTO of security firm Hudson Rock, stated that such data is usually first collected by stealer malware, which is installed by a hacker trying to steal cryptocurrency or perpetrate a similar type of cybercrime.
Gal stated that the hacker “will likely then try to steal cryptocurrencies, and once he is done with the information, he will sell to groups whose expertise is ransomware, data breaches, and corporate espionage. These stealers are capturing browser passwords, cookies, files, and much more and sending it to the [command and control server] of the attacker.”
Where do they come from?
NordLocker researchers stated there is no shortage of sources from which hackers can obtain such malware.
“It’s cheap, customizable, and can be found all over the web. Dark web ads for these viruses uncover even more truth about this market. For instance, anyone can get their custom malware; even learn how to use the stolen data for as little as $100. And custom does mean custom—advertisers promise that they can build a virus to attack virtually any app the buyer needs.”
NordLocker has not been able to determine the malware used in this attack. However, Gal said that from 2018 to 2019 widely used stealers included Azorult and, more recently, a data stealer known as Raccoon. Once a PC is compromised, the malware regularly sends stolen data to a command and control server operated by the hacker.
In all, the malware stole account credentials for almost 1 million sites, including Facebook, Twitter, Amazon, and Gmail. Of the 2 billion cookies extracted, 22 percent were still valid at the time of the discovery. The cookies can help build a picture of the victims’ habits and interests, and if they are used for authentication, they give access to the person’s online accounts. NordLocker provides other figures here.