Nord Locker’s security analysts found that hackers grabbed 1.2T of sensitive information from over 3 million users between 2018 and 2020, using a trojanized malware that infected over 3 million PCs running Windows.
The developers of the unnamed malware gathered information from over 3.25 million Windows PCs. The data collected includes over 2 billion cookies and about 26 million credentials associated with 1.1 million email addresses.
This virus was distributed by bad actors through cracked applications, including cracked games, a tool for breaking Windows OS license, and even Adobe Photoshop 2018. Another method of distributing the virus was to embed it in e-mails and then distribute it through spam campaigns.
The virus is very effective since it is low-profile and can remain undetected while stealing data from users’ computers without the consumers being aware of what is happening. Perhaps the most disturbing aspect of this virus is that it snapped a picture via the computer’s camera after infecting it.
What kind of documents were stolen?
Over 650,000 PDF and Word documents, 224,000 JPG images, and over 696,000 PNG files are included in the stolen data collection. While more than half of the stolen documents are text files and software logs, the danger arises from the fact that some users have the bad habit of storing personal information, passwords, and other types of private information in text files. As you probably hinted, these files also fell into the hands of the hackers.
The Trojan successfully stole about 26 million login credentials from over a million websites. The stolen credentials belonged to users of websites in a variety of categories, including online gaming, online marketplaces, job search websites, social media, productivity tools, streaming services, and email services.
About 22% of the 2 billion stolen cookies were still valid when they found. Cookies may provide hackers with access to a user’s online accounts and can assist them in learning about their targets’ interests and habits. The top five websites in proportion to the number of stolen cookies are eBay with over 1,9 million, Walmart with 2,62 million, Gearbest with 2,11 million, AliExpress with 4,81 million, and Amazon with 3,5 million.