Alarming Malware Discovery Reveals 1.2 TB Data Theft From Millions Of Windows PCs
Sometimes you may not know that you have been infected with malware until it is too late, as is likely the case for users across more than three million Windows-based computers globally. In a stunning revelation, in the two years between 2018 and 2020, a Trojan-like malware managed to infiltrate millions of Windows devices and extract 1.2 terabytes of personal information.
On Wednesday, NordLocker, a subsidiary of NordVPN, released malware research that led to discovering a database of stolen data. The stolen information includes nearly 26 million login credentials with 1.1 million unique email addresses, 2 billion or more cookies, and roughly 6.6 million files. Over 50 percent of the stolen files were text files, but over 1 million images and over 650,000 Word and PDF files were also collected. The analysis also revealed that the malware took screenshots after infecting the computer, if it was able to, which likely accounts for the bulk of image collection.
Behind this massive collection of data is an unnamed custom strain of malware that was distributed through email and illegal software, such as “illegal Adobe Photoshop 2018, a Windows cracking tool, and several cracked games.” Due to these properties, the malware was incredibly successful in collecting data while remaining low profile. What is scary about this besides the obvious data theft, as NordLocker explains, is that “anyone can get their own custom malware and even lessons on how to use the stolen data for as little as $100.” This is all part of the growth in ransomware-as-a-service (RaaS) or malware-as-a-service (MaaS), a developing market in the darkest corners of the web.
With this discovery, attacks and malware concerns will continue to rise, and people need to remain vigilant for security threats. Hopefully, we will begin to see a crackdown on things like this from the government, which has begun to treat ransomware and various forms of criminal hacking like terrorism. In any case, feel free to sound off on any of this, and all the other recent cybersecurity incidents, in the comments below.