NordLocker security researchers have found that an unnamed malware strain compromised more than 3.2 million PCs and stole a whopping 1.2 TB of private data.
Nameless malware campaign hoards all types of sensitive data:
According to the latest NordLocker research, the massive hoard of data contained 1.1 million unique email IDs and 26 million login credentials, among other types of private data.
According to the researchers, the threat actors had accidentally disclosed the location of the database containing the hijacked data. When NordLocker found the database, they worked in coordination with specialists to research the nature of the data it held.
The investigation revealed that a custom, as yet unnamed malware strain had intruded on more than 3.2 million Windows PCs between 2018 and 2020.
The database encompassed a whopping 2 billion cookies, of which 22%, i.e. 400 million, were still valid.
The database also held a large amount of sensitive data, including 6 million files plucked from the Desktop and Downloads folders on victim systems. More than 900,000 image files, over 600,000 Word files, and 3 million text files made up the majority of the stolen contents, though it also included over 1,000 other types of files.
Further investigation of the database also revealed that, to manage such a massive amount of data, the malware assigned a separate, unique device ID to each victim's data for easier classification.
NordLocker also commented on the database, noting that “Screenshots made by the malware reveal that it spread via illegal software (Adobe Photoshop), Windows cracking tools, and pirated games. Moreover, the malware also photographed the user if the device had a webcam.”
The malware, as yet unnamed, reportedly remained undetected while active and disappeared once the campaign was complete, which is why it never received a name.
Security experts from NordLocker are of the opinion that malware or trojans of this type are commonly traded on dark web markets and forums for prices as low as $100.
“Their low profile often helps these viruses stay undetected and their creators unpunished…It’s a booming market where the creator sells the malware, teaches the buyer how to use it, and even shows how to profit off the stolen data,” states NordLocker.
NordLocker has reportedly forwarded the massive open-database hoard to US-CERT. Subsequently, the 1.1 million unique email IDs have been uploaded to Have I Been Pwned, where users can check if their email ID has been compromised in the massive nameless malware campaign.