Between 2018 and 2020, a mysterious strain of malware infected and stole sensitive data from approximately 3.25 million Windows-based computers, taking with it a horrifying amount of intimate information about the users of those devices.
The data includes login credentials (both usernames and passwords) for dozens of online platforms, as well as billions of browser cookies, millions of user files stolen right off of infected desktops and, in some cases, pictures of the device's user taken with the computer's own webcam.
The malicious epidemic was uncovered recently when a large database of the stolen information was spotted on the dark web, reports NordLocker in a new analysis of the incident.
The firm characterizes the virus as Trojan-style malware that was deployed onto computers via email and by illegal software, such as pirated versions of games and Adobe Photoshop, as well as Windows cracking tools. The malware was unnamed and likely a cheap, customizable variant that could be purchased easily on the dark web.
Nameless, or custom, trojans such as this are widely available online for as little as $100. Their low profile often helps these viruses stay undetected and their creators unpunished, analysts write.
According to Nord, the malware took careful steps to catalog people it had compromised, even assigning unique device IDs to the stolen data so it can be sorted by the source device, and also frequently photographing the computer's user if their device had a webcam.
As to the stolen data, it's pretty overwhelming. The compromised login information includes 1,471,416 Facebook credentials; 261,773 Twitter credentials; 145,436 PayPal credentials; 87,282 Dropbox credentials; 1,540,650 Google account credentials, and so on. Other compromised accounts include Coinbase, Blockchain, Outlook, Skype, Netflix…you get the picture.
On top of this, the malware also apparently took screenshots of the desktops it had infected, which retroactively helped researchers piece together just how much information had been compromised. To get a better idea of how extensive the damage is, here is a little breakdown:
- 2 billion cookies
- 26 million login credentials
- 6.6 million files (apparently stolen off of desktops)
- Upwards of 1 million images (696,000 .png and 224,000 .jpg files)
- More than 650,000 Word documents and .pdf files
So, yeah, it's all pretty disturbing. The market for personal information on the dark web, particularly login credentials, has always been big, but it's seen a real uptick in recent years. Hundreds of millions of passwords are compromised every year through cyberattacks and breaches, leaving victims at the mercy of money-grubbing goons. While it's up to you to decide how to protect yourself, there's no shortage of resources out there and, it goes without saying, they're worth checking out.
You can check out a more detailed breakdown of all of the stolen files here.