Data-copying malware: researchers share e-mail addresses with Have I Been Pwned

The company Nordlocker has discovered a large quantity of sensitive records in the course of malware analyses. The malicious code, which the researchers call "nameless malware", is said to have collected the data between 2018 and 2020 from more than three million Windows computers. To give those potentially affected at least a clue to a possible infection, Nordlocker has passed more than 1.1 million e-mail addresses from the data set to the checking service Have I Been Pwned.

According to Nordlocker, the "loot" of the nameless malware includes, besides the addresses mentioned, complete login records for web services and platforms, some of them well known, such as Facebook, Google (Gmail and Co.) or Amazon. The malicious code had apparently stored the data copied from the systems in a central database accessible via the Internet. Nordlocker reported the database find to US-CERT and to the cloud storage provider concerned, which took the database off the network.

Checking e-mail addresses at HIBP

HIBP offers the possibility of searching a huge database with more than 11 billion entries for an e-mail address. Normally this is done by entering the address in question directly on the homepage of haveibeenpwned.com. However, HIBP operator Troy Hunt has marked the data from Nordlocker as a "sensitive breach", so that only the owners of the e-mail addresses themselves can check whether they are affected. This works via the menu item "Notify me" or, for domain owners, via its counterpart "Domain search". In the case of a hit, a notification is sent directly to the specified e-mail address.

Almost 26 million login records stolen

According to Nordlocker's description of the "nameless malware", it stole almost 26 million login records, consisting of combinations of the already mentioned e-mail addresses (or alternatively a username) with passwords, from the 3.25 million Windows systems. Most credentials were copied from browsers, especially Google Chrome. In addition, there were more than two billion cookies and 6.6 million files from desktops and download folders. More than 50 percent of the files were text files, in which the researchers often discovered access data or other personal information.

Nordlocker sorts the copied access data into twelve different categories. Particularly striking are, among others:

  • 1,540,650 Google and 403,580 Outlook access data ("Email Services"),
  • 1,471,416 Facebook and 261,773 Twitter access data ("Social media") and
  • 209,534 Amazon access data ("Online Marketplace").

Some well-known names also appear in the categories "Online Gaming", "Streaming Services", "Financial" and others. It should be noted, however, that according to Nordlocker the credential haul is spread across almost a million services and platforms, not all of which are as well known (and as heavily affected) as the examples mentioned here. In addition, the data was apparently collected over a period of about two years (and before 2021), so that it is questionable whether many of the access records are still current and valid.

Inconspicuous, but persistent

The name "nameless malware" makes clear that the current malicious-code find is neither an isolated case nor a particularly sophisticated specimen. In fact, Nordlocker emphasizes that Trojans of this kind are available en masse on the relevant platforms, for as little as about 100 US dollars; it is a booming market.

The distribution path of the malicious software also appears rather unspectacular: it came bundled with illegal software downloads such as cracked games, Adobe Photoshop 2018 and a Windows cracking tool, writes Nordlocker. But it is precisely the inconspicuousness of such malware, in strong contrast to the much "louder", currently ubiquitous ransomware attacks, that makes it a threat that goes undetected (and keeps collecting data) over a long period of time, and whose developers often get away unscathed.
