Mystery malware steals 26M passwords from millions of PCs

NordLocker have discovered an impressive database of information collected by unknown custom malware from more than 3 million Windows-based computers.

The 1.2 TB database contained 6.6 million files, 26 million credentials, and 2 billion authorization cookies, with 400 million of them valid at the time the database was discovered.

Researchers were unable to identify the malware through which the information was collected, but it is known that it spread from 2018 to 2020 through malicious versions of Adobe Photoshop, pirated games and Windows hacking tools.

“In fact, anyone can access custom malware. It’s cheap, customizable, and can be found on the darknet. For example, for just $ 100, anyone can find their own custom malware and even lessons on using stolen data, ”the researchers noted.

The credentials contained in the database included 1.1 million unique email addresses used as logins for various applications and services, including social networks, job search sites, online stores, financial services, etc.

Moreover, the database contained credentials, as well as information from autocomplete fields and payment data stolen from 48 applications, mainly browsers and email clients, such as Google Chrome (19.4 million entries), Mozilla Firefox (3.3 million entries ), Opera (2 million entries) Internet Explorer / Microsoft Edge (1.3 million entries), Chromium (1 million entries), CocCoc (451,962 entries), Outlook (111,732 entries), Yandex (79,530 entries), Torch ( 57,427 million records), Thunderbird (42,057 million records).

Among other things, experts found in the database a total of 6 million files stolen by malware from the download folders and the desktop. The information included 3 million text files, over 1 million images, and over 600,000 Microsoft Word and PDF documents.

The database also contained a huge number of stolen cookies for e-commerce sites, gaming sites, file hosting, video streaming services, social media, as well as cookies used for user tracking and targeted advertising.

Experts believe that the owners of the base accidentally revealed its location. NordLocker has already notified the cloud hosting provider of its find.

Catch up on more articles here

Follow us on Twitter here


Must read


Related Posts