Researchers have discovered yet another massive find of sensitive data, a dizzying 1.2 TB database containing connection credentials, browser cookies, authentication data and payment information extracted from malware which has not yet been identified.
In all, researchers from NordLocker he said Wednesday, The database contains 26 million login credentials, 1.1 million unique email addresses, more than 2 billion browser cookies, and 6.6 million files. In some cases, victims have saved passwords in text files created with the Notepad application.
The stash also included more than 1 million images and more than 650,000 Word and PDF files. In addition, the malware took a screenshot after infecting the computer and took a photo with the device’s webcam. The stolen data also comes from apps for messaging, email, games and file sharing. Data were extracted between 2018 and 2020 from more than 3 million PCs.
The discovery comes amid an epidemic of security breaches which involves ransomware and other types of malware that affect large companies. In some cases, including May ransomware attack at Colonial Pipeline, hackers have first access using compromised accounts. Many credentials are available for sale online.
Alon Gal, co-founder and CTO of security company Hudson Rock, said such data is often first collected by malware stealer installed by an attacker trying to steal it. cryptocurrency or commit a similar type of crime.
The attacker “will be able to try to steal cryptocurrencies, and once he finishes the information, he will sell it to groups whose competence is ransomware, data breaches and corporate espionage,” Gal told me. “These stealers capture browser passwords, cookies, cookies, and much more and send it to the [command and control server] of the attack. “
NordLocker researchers said there is no shortage of sources for attackers to secure such information.
“The truth is, anyone can get their hands on custom malware,” the researchers wrote. “It’s good, customizable, and can be found all over the web.” Dark web advertising for these viruses reveals even more truth about this market. For example, anyone can get their own custom malware as well as lessons on how to use stolen data for only $ 100. And that means habit – advertisers promise to be able to build a virus to attack virtually any app the buyer needs “.
NordLocker has not been able to identify the malware used in this case. Gal said that from 2018 to 2019, a widely used malware is included Azorult and, more recently, an information stealer known as Raccoon. Once infected, a PC will regularly send pilfered data to a command and control server operated by the attacker.
In all, the malware collected account credentials for nearly 1 million sites, including Facebook, Twitter, Amazon and Gmail. Of the 2 billion cookies extracted, 22 percent remained valid at the time of discovery. The cookies can be useful for gathering the habits and interests of the victims, and if cookies are used for authentication, they give access to the person’s online accounts. NordLocker provides other figures here.
This story originally appeared in Ars Technica.
More Great Stories WIRED