Posted on July 9, 2021 at 5:43 PM
Cybersecurity researchers have unveiled a new set of Trojan-type malware that has compromised millions of Windows computers, stealing 26 million login details in the process.
The researchers from Nord Security said the login details were stolen from over a million websites, and they are grouped into different categories. These include financial platforms, eCommerce platforms, file storage and sharing services, social media platforms, as well as popular email services.
Threat actors stole a million email addresses
In total, the report revealed that the new Trojan succeeded in stealing about 1.2 terabytes of personal data, with more than two billion cookies and a million unique email addresses. There are millions of other details the threat actors were able to steal, according to the researchers.
The Nord Security researchers noted that each malware family that gets worldwide attention has thousands of custom variants built to a buyer's specific needs. This is not helped by the fact that numerous nameless malicious codes are sold on private chats and forums for very low prices.
The malware also stole 6 million files from the victims’ download folders and desktops. Additionally, the malware took screenshots of the compromised systems and tried to take a picture of the victim using the device’s webcam.
Wi-Fi networks are vulnerable to attacks
Nord Security added that there are other worries apart from the unnamed malware's activity on users' data. The researchers highlighted the dangers of vulnerable devices on Wi-Fi connections.
According to the researchers, about a quarter of Wi-Fi networks have no password protection or encryption. This makes them vulnerable to a wide range of attacks apart from malware.
Unfortunately, antimalware software such as antivirus products is powerless against some types of vulnerabilities. It cannot offer full protection to every type of device, which gives threat actors windows of opportunity to exploit.
In several cases, the firewalls of public Wi-Fi networks are poorly configured, which may allow threat actors to monitor users' Wi-Fi connections.
Digital security expert at NordVPN, Daniel Markuson, stated that the widespread poor configuration of firewalls for public Wi-Fi has given threat actors more impetus to try to launch attacks.
Increasing spate of attacks
Hackers are now using a variety of attack mechanisms to launch a series of attacks on organizations and users.
Last week, the REvil ransomware group demanded $70 million as the price to unlock the systems encrypted during the Kaseya supply-chain attack. The gang says it wants the ransom in Bitcoin before releasing the tool that would enable all affected businesses to recover their files.
The Friday attack was carried out through the Kaseya VSA cloud-based solution, which is used by managed service providers (MSPs) for patch management and to monitor customer systems.
It is the highest ransom demand ever recorded. Interestingly, the group appears to be trying to break its own record, having demanded $50 million in its attack on Taiwanese electronics and computer maker Acer.
A supply-chain attack is one of the most dangerous forms of attack employed by threat actors. They do not need to attack thousands or millions of computers individually. Instead, they focus on compromising the company that supplies software to all of those computers. Once the supplier is compromised, every computer it serves is at risk. That is the scenario that played out during the REvil Kaseya ransomware attack.
Users advised to be wary of public Wi-Fi
Security researchers have advised users to be wary of using public Wi-Fi when connecting to the internet. Many of these networks are easily compromised, so even when users must use such a network, they should make sure it has strong password protection.
Users are also advised not to reuse the same login credentials across accounts, since threat actors can compromise other accounts using credentials that have already been exposed. Additionally, users are asked to enable multi-factor authentication on every website that offers it. This makes it far more difficult for threat actors to bypass or infiltrate the accounts.