A Trojan virus that infected millions of PCs and stole 1.2 terabytes of personal information was widely spread through illegal programs, including pirated games and a cracked version of Adobe Photoshop, security researchers found, NordLocker said. The trove of stolen data included 1.1 million unique email addresses and 26 million login credentials, among other things.
NordLocker says a group of hackers accidentally revealed the location of the database that contained the stolen data. Once NordLocker became aware of it, the company worked with a third-party firm that specializes in investigating data breaches to evaluate the contents of the database.
What they discovered is that a variety of custom malware infiltrated 3.2 million Windows PCs between 2018 and 2020. The database contained 2 billion cookies, of which more than 400 million (22%) were still valid.
The database also contained 6 million files ripped from desktop folders and downloaded to compromised systems. About 900,000 image files, more than 600,000 Word files, and 3 million text files made up the majority of the stolen content, although it also included more than 1,000 other file types. This is a lot of data, and to help manage it all, the malware assigned unique device identifiers to the data to make it easier to sort.
"Screenshots taken by the malicious software reveal that it spread through illegal software (Adobe Photoshop), Windows cracking tools and pirated games. In addition, the malware also photographed the user if the device had a webcam," NordLocker said.
This specific malware campaign has no name, in part because it flew under the radar while it was active, and has probably disappeared. According to NordLocker, unnamed (or custom) Trojans like this are sold online in private forums and private chats, sometimes for no more than $100.
“Their low profile often helps these viruses go undetected and their creators go unpunished … It’s a booming market where the creator sells malware, teaches the buyer how to use it and even shows how to take advantage of the stolen data,” says NordLocker.
This is a self-serving report, as NordLocker sells one of the best VPNs for gaming and also offers encrypted cloud backups. So it’s no surprise that one of its recommended actions is to try out its private cloud service.
Either way, this happened and infected many computers, and there are certainly other covert malware campaigns that do similar things. Of course, avoiding dubious sites that offer cracked downloads is always a good idea.
Regarding this particular campaign, NordLocker reported the open database to US-CERT and said that the 1.1 million unique email addresses have been uploaded to Have I Been Pwned, a handy resource for checking whether any of your accounts have been part of a known security breach. The tool is about to become even more useful, as Have I Been Pwned recently partnered with the FBI for more timely updates and is also open source.