A unique look into unreported Trojan malware that stole 1.2 TB of personal data

Researchers found a 1.2 TB database of passwords, cookies, and files stolen from over 3 million computers by a malicious Trojan


LONDON, June 16, 2021 (GLOBE NEWSWIRE) -- The new study by NordLocker in partnership with third-party researchers has analyzed statistical data gathered from 3.25 million Windows-based computers worldwide infected with a malicious Trojan. The recently discovered database hosts 1.2 TB of stolen information, including billions of personal records like passwords, cookies, and files, that dates back to 2018-2020.

“This Trojan is just the tip of the iceberg, as unaware users are exposed to thousands of types of malware every day,” says Oliver Noble, a cybersecurity expert at NordLocker. “Our case study digs deeper into malware to illustrate how bad actors operate and what damage computer viruses can actually cause.”

Credentials

The unnamed malware, which was transmitted via email attachments and illegal software, successfully stole around 26 million credentials from around 1 million different websites. The most affected services were Facebook (1.47 million of stolen credentials) and Google (1.54 million).

“Stolen credentials, i.e. a username or an email accompanied by a password, can wreak havoc not only on your social media. Imagine hackers getting their hands on your private emails, financial services, and even online shopping accounts, which usually contain your credit card details,” warns Oliver Noble.

Cookies

Among the staggering amount of stolen data, NordLocker analysts found more than 2 billion cookies, 22% of which were valid on the day of the discovery. The majority of stolen cookies come from YouTube (17.1 million of stolen cookies), Facebook (8 million), AliExpress (4.8 million), and Steam (2 million).

Cookies are essential for some websites to operate, but they can also help hackers construct a pretty accurate picture of a website visitor, including their location, browsing history, habits, and interests. If a cookie gets hijacked, a cybercriminal might impersonate a victim and even gain unauthorized access to their online accounts.

Files

The malware stole over 6.6 million files the affected users stored on their desktops and in the Downloads folder. Of those files, 50% are text files, while over 16% are image files like .png and .jpg, and around 10.5% of all stolen files are of .doc, .docx, and .pdf type.

“We found that some people still store confidential documents, photocopies of passports, and even passwords written down in Notepad on their desktop, thus risking the exposure of their most sensitive data,” says the cybersecurity expert at NordLocker.

What is malware and how can users protect themselves from it?

Malware, or malicious software, is a harmful program designed by hackers to damage or gain access to a device and exploit its contents. Malware usually hides in email attachments and illegal or cracked software.

“For every malware that gets worldwide recognition and coverage, there are thousands of smaller yet very efficient custom viruses. These are nameless pieces of malicious code that are compiled and sold on online forums and in private chats for as little as $100,” Oliver Noble explains. “Our malware case study shows only a small part of the information that is stolen by malware every day. Therefore, users need to stay alert and take precautions to protect their personal computers and everything on them.“

  • Learn to identify phishing emails. Don’t download suspicious attachments or click on scammy links within an email. Always verify the sender and the contents before clicking anything inside.
  • Use a password manager to help you generate complex and unique passwords and store them in a safe vault.
  • Download software only from reputable sources. Malware is often distributed through illegal programs, so make sure to only use legal software that you acquired from official brands and websites.
  • Encrypt sensitive files stored on your computer and in the cloud. There’re easy-to-use file encryption tools like NordLocker that turn your information into uncrackable codes that even skilled hackers can’t read without your permission.
  • Store your files in an encrypted cloud. In many cases, an end-to-end encrypted cloud is the ultimate security tool. It protects your data from malware and provides a backup in case of loss or if your system is infected with ransomware.

Note: NordLocker reported the findings to US-CERT and the cloud storage provider, which has taken the open database down.

ABOUT NORDLOCKER

NordLocker is the world’s first end-to-end file encryption tool with a private cloud. It was created by the cybersecurity experts behind NordVPN – one of the most advanced VPN service providers in the world. NordLocker is available for Windows and macOS, supports all file types, offers a fast and intuitive interface, and guarantees secure sync between devices. With NordLocker, files are protected from hacking, surveillance, and data collection. For more information: nordlocker.com.

Contact:

Skirmante Akinyte
skirmante@nordsec.com