Researchers discover However, there is another huge set of sensitive data, an astounding 1.2 TB database containing login credentials, browser cookies, auto-fill data and payment information extracted by Malware that have not yet been identified.
Altogether, researchers from NordLocker He said on WednesdayThe database contains 26 million login credentials, 1.1 million unique email addresses, more than 2 billion browser cookies, and 6.6 million files. In some cases, the victims stored the passwords in text files created with the Notepad app.
The cache also contained more than 1 million images and more than 650,000 Word and PDF files. In addition, the malware made a screenshot after it infected the computer and took a picture using the device’s webcam. The stolen data also came from messaging, email, games and file sharing apps. Data was extracted between 2018 and 2020 from more than 3 million personal computers.
The discovery comes amid an epidemic of security breaches Include ransomware and other types of malware that infect large corporations. In some cases, including May Ransomware attack on the colony pipelineFor the first time, hackers gained access using the hacked accounts. Many of these credentials are available for sale online.
Such data is often collected by compromised malware installed by an attacker trying to steal, said Alon Gal, co-founder and chief technology officer of security firm Hudson Rock. Cryptocurrency or committing a similar type of crime.
Gal told me that the attacker “will then most likely try to steal the cryptocurrency, and once they are done with the information, will sell groups with expertise in ransomware, data breaches, and corporate spying.” These hackers capture your browser passwords, cookies, files, and more and send them to [command and control server] from the attacker.
NordLocker researchers said there is no shortage of resources for attackers to secure such information.
“The reality is that anyone can get their hands on custom malware,” the researchers wrote. It’s cheap, customizable, and can be found all over the web. dark web The advertisements of these viruses reveal more truth about this market. For example, anyone can get their own custom malware and even lessons on how to use stolen data for as little as $100. And custom does not mean customization – advertisers promise that they can create a virus to attack almost any application a buyer needs.”
NordLocker was unable to identify the malware used in this case. Gal said that from 2018 to 2019, widely used malware was included Azorult And more recently, the information thief known as raccoon. Once infected, the PC will regularly send the stolen data to a command and control server operated by the attacker.
Overall, the malware collected account credentials for nearly a million websites, including Facebook, Twitter, Amazon and Gmail. Of the 2 billion cookies that were extracted, 22 percent were still valid at the time of discovery. Files can be useful in putting together the habits and interests of victims, and if cookies are used for authentication, they allow access to a person’s online accounts. NordLocker provides other characters Here.
This story originally appeared Ars Technica.
More great wired stories