Nameless malware siphoned 1.2TB of personal info from Windows PCs

Here’s a great example of why everybody should take security seriously – NordLocker has discovered a trove of personal information siphoned by malware that, at the time of writing, doesn’t have a name.

Not having a name hasn’t made the malware any less effective, however, and judging by the report from NordLocker, it was incredibly effective.

Thanks to a hacker group accidentally revealing the location of the database, NordLocker together with third-party researchers discovered the database contained cookies and credentials from 3.2 million Windows PCs.

“The data was stolen between 2018 and 2020. The database included 2 billion cookies. The analysis revealed that over 400 million, or 22 percent, of those cookies were still valid at the time when the database was discovered,” the researchers wrote.

The malware reportedly siphoned off six million files from Desktop and Downloads folders:

• 3 million text files
• 900 000 image files
• 600 000+ Word files
• 1000 files of different types

The biggest concern is the login credentials that were stolen.

“The database contains cookies, credentials, autofill data, and payment information from 48 applications. The research shows that the malware targeted apps, mostly web browsers, to steal the vast majority of data. The malware also stole data from messaging apps, email clients, file-sharing clients, and some gaming clients,” writes NordLocker.

How was this malware able to reach so many users and remain undetected? In a word – piracy.

Screenshots taken by the malware show pirated copies of Adobe Photoshop, Windows cracking tools and pirated games, which tells researchers this is likely how it was spread. Email also served as an attack vector, the researchers said.

The researchers at NordLocker also reveal that the malware would snap photos of the user if they had a webcam attached to their PC.

The email addresses contained in the breach have been given to Have I Been Pwned and you can plug your email address into the service to see if you had your data unknowingly siphoned off by malware.

[Source – NordLocker] [Image – CC 0 Pixabay]

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.
