https://safirsoft.com Nameless malware collects 1.2TB of sensitive data and stashes it online

Massive trove can be used for ransomware, espionage, and more.

Researchers have discovered yet another massive trove of sensitive data, a dizzying 1.2TB database containing login credentials, browser cookies, autofill data, and payment information extracted by malware that has yet to be identified.

In all, researchers from NordLocker said on Wednesday, the database contained 26 million login credentials, 1.1 million unique email addresses, more than 2 billion browser cookies, and 6.6 million files. In some cases, victims stored passwords in text files created with the Notepad application.

The stash also included over 1 million images and more than 650,000 Word and .pdf files. Additionally, the malware made a screenshot after it infected the computer and took a picture using the device’s webcam. Stolen data also came from apps for messaging, email, gaming, and file-sharing. The data was extracted between 2018 and 2020 from more than 3 million PCs.

A booming market

Further ReadingColonial Pipeline resumes operations after ransomware prompted closureThe discovery comes amid an epidemic of security breaches involving ransomware and other types of malware hitting large companies. In some cases, including the May ransomware attack on Colonial Pipeline, hackers first gained access using compromised accounts. Many such credentials are available for sale online.

Alon Gal—co-founder and CTO of security firm Hudson Rock—said that in many cases, such data such is first collected by stealer malware installed by an attacker attempting to steal cryptocurrency or commit a similar type of crime.

Advertisement

The attacker “will likely then try to steal cryptocurrencies, and once he is done with the information, he will sell to groups whose expertise is ransomware, data breaches, and corporate espionage,” Gal told me. “These stealers are capturing browser passwords, cookies, files, and much more and sending it to the [command and control server] of the attacker.”

NordLocker researchers said there’s no shortage of sources for attackers to secure such information.

“The truth is, anyone can get their hands on custom malware,” the researchers wrote. “It’s cheap, customizable, and can be found all over the web. Dark web ads for these viruses uncover even more truth about this market. For instance, anyone can get their own custom malware and even lessons on how to use the stolen data for as little as $100. And custom does mean custom—advertisers promise that they can build a virus to attack virtually any app the buyer needs.”

NordLocker hasn’t been able to identify the malware used in this case. Gal said that from 2018 to 2019, widely used malware included Azorult and, more recently, an info stealer known as Raccoon. Once infected, a PC will regularly send pilfered data to a command and control server operated by the attacker.

In all, the malware collected account credentials for almost 1 million sites, including Facebook, Twitter, Amazon, and Gmail. Of the 2 billion cookies extracted, 22 percent remained valid at the time of the discovery. The files can be useful in piecing together the habits and interests of the victim, and if the cookies are used for authentication, they give access to the person’s online accounts. NordLocker provides other figures here.

People who want to determine if their data got swept up by the malware can check the Have I Been Pwned breach notification service.

Nameless malware collects 1.2TB of sensitive data and stashes it online
nameless-malware-collects-1-2tb-of-sensitive-data-and.html

https://safirsoft.com Here are a bunch of iOS 15 features that Apple didn’t mention earlier

Here are a bunch of iOS 15 features that Apple didn’t mention earlier

As usual, some of the most intriguing changes weren't necessarily the biggest.

As Apple's annual WWDC conference wraps up, we have a whole week ...

https://safirsoft.com CD Projekt Red says its data is likely circulating online after ransom attack

CD Projekt Red says its data is likely circulating online after ransom attack

Data taken in breach disclosed in February likely related to employees and contractors.

CD Projekt Red, the maker of The Witcher series, Cyberpu...

https://safirsoft.com MySQL 101: Installation, care, and feeding on Ubuntu

MySQL 101: Installation, care, and feeding on Ubuntu

If you've got 15 minutes, we can show you the ropes of basic MySQL management.

One of the tasks nearly any sysadmin frequently encounters is the...

https://safirsoft.com Google Chrome ends its war on address bar URLs—for now, at least

Google Chrome ends its war on address bar URLs—for now, at least

As it turns out, hiding URL information does not help security.

Chrome is ending its war on address bar URLs—at least for now. About a year a...

https://safirsoft.com Android 12’s beautiful color-changing UI already lives up to the hype

Android 12’s beautiful color-changing UI already lives up to the hype

Android 12's "Material You" UI debuts in Beta 2, and we go hands-on.

Android 12 Beta 2 came out this week, and with it, a lot of features we've ...

https://safirsoft.com iOS, web versions of Dark Sky weather app will shut down in 2022

iOS, web versions of Dark Sky weather app will shut down in 2022

Apple already shut down the Android version after acquiring the app last year.

A new blog post from the developers of Apple-owned, hyperlocal we...