An unknown piece of malware stole more than 26 million passwords from Windows PCs.

By Shehryar Makhdoom

The credentials were discovered as part of a collection containing 1.2 gigabytes of sensitive data gathered between 2018 and 2020.

Researchers have found another massive goldmine of sensitive data, this time a 1.2 TB database comprising login credentials, browser cookies, autofill data, and payment information retrieved by malware that has yet to be identified.

According to NordLocker experts, the database had 26 million login passwords, 1.1 million unique email addresses, more than 2 billion browser cookies, and 6.6 million files in total. In some cases, passwords were stored in text files created with the Notepad application.

According to Gal, the attacker "will likely thereafter try to steal cryptocurrency, and once he is finished with the information, he will sell it to groups whose specialization is ransomware, data breaches, and corporate espionage." "These thieves take browser passwords, cookies, files, and other information and send it to the attacker's [command and control server]."

According to NordLocker researchers, attackers have a plethora of options for obtaining such information.

"The truth is that anyone can obtain bespoke malware," the researchers said. "It's inexpensive, customizable, and widely available on the internet. Dark web advertisements for this malware reveal considerably more information about this industry. For example, for as little as $100, anyone can create their own unique virus and even train on how to use the stolen data. And custom does mean bespoke—advertisers claim to be able to create a virus that can attack practically any app the consumer requires."

The malware employed in this case has not been identified by NordLocker. According to Gal, widespread malware from 2018 to 2019 included Azorult and, more recently, Raccoon, an information stealer. Once infected, a PC will communicate stolen data to the attacker's command and control server on a regular basis.

In total, the spyware gathered account credentials for about 1 million websites, including Facebook, Twitter, Amazon, and Gmail. At the time of the discovery, 22% of the 2 billion cookies extracted were still valid. The information can be used to piece together the victims' habits and interests, and if the cookies are used for authentication, they grant access to the person's online accounts. Other numbers are available from NordLocker.

People who wish to know if their data was compromised by the malware can use the Have I Been Pwned breach notification service, which has recently posted a list of compromised accounts.
