The researchers found Another large amount of sensitive data, a dizzying 1.2 TB database, which contains login credentials, browser cookies, auto-fill data, and malicious software not sure yet.
In general, researchers from NordLocker Said Wednesday, The database contains 26 million login credentials, 1.1 million unique email addresses, more than 2 billion browser cookies, and 6.6 million files. In some cases, the victim stored the password in a text file created using the Notepad application.
The stash also includes more than 1 million images and more than 650,000 Word and PDF files. In addition, the malware took screenshots after infecting the computer and used the device’s webcam to take pictures. The stolen data also came from applications used for messaging, email, games, and file sharing. The data was extracted from more than 3 million PCs between 2018 and 2020.
This discovery comes at a time when security vulnerabilities are flooding Ransomware involved And other types of malware attack large companies.In some cases, including May Ransomware attack on Colonial Pipeline, The hacker first used the stolen account to gain access. Many of these vouchers can be sold online.
Alon Gal, co-founder and chief technology officer of security company Hudson Rock, said such data is usually first collected by stealing malware installed by attackers trying to steal. Cryptocurrency Or commit a similar crime.
The attacker “may then try to steal the cryptocurrency, and once he has processed the information, he will sell it to groups that specialize in ransomware, data breaches, and corporate espionage,” Gal told me. “These stealers are capturing browser passwords, cookies, files, etc., and sending them to [command and control server] Attacker. “
NordLocker researchers said that there is no shortage of sources for attackers to protect such information.
“The truth is that anyone can access custom malware,” the researcher wrote. “It’s cheap, customizable, and can be found all over the web. Dark web These viral advertisements reveal more truth about this market. For example, anyone can get their own custom malware for as low as $100, and can even learn how to use stolen data. Customization does mean customization-advertisers promise that they can build a virus to attack almost any application the buyer needs. “
NordLocker cannot identify the malware used in this situation. Gal stated that from 2018 to 2019, the most widely used malware included Azorut And, recently, an information stealer has been called raccoonOnce infected, the PC will periodically send the stolen data to the command and control server operated by the attacker.
In total, the malware collected account credentials for nearly 1 million websites, including Facebook, Twitter, Amazon, and Gmail. Of the 2 billion cookies extracted, 22% were still valid at the time of discovery. These files can be used to piece together the habits and interests of the victim, and if a cookie is used for authentication, the person’s online account can be accessed. NordLocker provides additional data Here.
This story originally appeared in Ars Technica.
More exciting connection stories