Posted on June 13, 2021 at 5:55 PM
NordLocker has uncovered malware that stole 1.2 TB of private data. The malware is a custom Trojan horse that infiltrated more than 3 million Windows computers and made away with a large amount of personal information. NordLocker carried out the malware study together with a third-party firm that specialises in analysing data breaches.
About the Malware
As mentioned earlier, the malware is a form of Trojan delivered to victim devices through email and illegal software. The software used includes illegal copies of Adobe Photoshop 2018, some game software and a Windows cracking tool.
The data was collected from 3.25 million computers around the world that ran the Windows operating system. The malware made away with almost 26 million login details that contained 1.1 million email addresses, more than 2 billion cookies and 6.6 million files.
The malware used here is a custom type that is readily available on the internet for as low as $100. It usually maintains a low profile, which lets it go undetected for a long time, and the creators of the malware are never identified.
According to NordLocker, the malware was injected into devices between 2018 and 2020, and it was within this time that users' private data was stolen. Once the data was stolen, it was assigned a unique ID, making it easy to sort by source device.
The research also revealed that the malware targeted files stored in various parts of the device, such as the desktop and the downloads folder. More than six million files were stolen in the process.
More than half of the stolen data was in text form. According to the research, most of the text includes software logs. The data also revealed that some people were using their device's Notepad to note down passwords, personal notes and other sensitive data.
The malware made away with more than one million images, including 696,000 PNG files and 224,000 JPG files. More than 650,000 Word documents were also stolen, as well as PDF files. The analysis further revealed that the malware took a screenshot of the files, and it also infiltrated the webcam to take a picture.
In addition, 2 billion cookies were stolen, and 22% of them were still valid when the data was discovered. Cookies are very useful to threat actors because they help analyse a user based on their habits and interests. In some instances, cookies can also be used to obtain access to the user's online accounts. The malware grouped the cookie data into five categories.
The database acquired from the malware also shows that cookies, credentials, auto-fill data and payment information were acquired from 48 systems during the infiltration. The data also shows that the infiltration affected various categories of software, including messaging apps, email, file-sharing platforms, and gaming platforms.
Malware is a small program that is attached to an email or to software. While some forms of malware infect the device directly, others may wait a while before doing damage. Malware is injected into devices for multiple reasons. Some may harm a device, some may be used for ransomware, and other forms may help hackers access another device.
Malware has become a great threat to internet users because some forms of custom malware can easily be obtained over the internet for as little as $100. Custom malware is a booming business that is leading to massive losses of data while bringing profits to most hackers.