Gootkit Banking Trojan Databases Leak Sensitive Details of 2 millioner brugere

Banking Trojan Databases Leak Sensitive Details of 2 millioner brugere

1 Star2 Stars3 Stars4 Stars5 Stars (1 stemmer, gennemsnit: 5.00 ud af 5)
Loading ...

To our greatest concern, the services we use daily often become part of data breaches and data leaks, in which our personal details are exposed to cybercriminals. Banker, airlines, hoteller, various organizations put our information at risk in databases that are left unsecured.

What happens when one of the most advanced banking Trojans discovered in the wild has its databases exposed? Godt, we are about to find out. Tilsyneladende, Bob Diachenko, a cybersecurity researcher stødte på two open and publicly accessible MongoDB instances that appear to be part of the Gootkit network.

More about the Gootkit Banking Trojan

Sidste år, the Gootkit operators found a way to exploit Mailchimp in spam campaigns to distribute the malicious banking Trojan. The attackers were continuously hacking into MailChimp’s network to send fake invoices and emails ridden with malware. This is an example of a Gootkit malicious operation in action.

Generelt, the Trojan has targeted a lot of networks located across Europe, including banks found in France, Schweiz og Østrig. What’s particularly dangerous is the malware can also be set against cryptocurrency services. Endvidere, two databases that are used by the hacking collective behind the malware have been leaked.

A security analysis of their structure and a content extraction has revealed further information about the stored information. The experts reveal that the criminal collective behind the threat is actively pulling data from three botnets totaling in about 38,563 compromised hosts.

Relaterede: Remove GootKit Trojan Horse

According to the security analysis, the following sensitive details have been compromised:

  • I alt 1,444,375 e-mail konti;
  • I alt 752,645 brugernavne;
  • 2,196,840 passwords and configuration pairs coming from online shops, emails, banking applications, streaming and a variety of online services, as well as internal network passwords.

It is yet to be determined whether the Gootkit cybercriminals forgot to set a password, or if a firewall blocking access to the servers went down. But it’s a fact that something went completely wrong as the two servers were exposed and indexed by several IoT search engines.

What can happen with the user data exposed in the leaky Gootkit databases?

It is noteworthy that botnets such as Emotet and TrickBot have been dealing with something called “install space”. This means that the botnet operators were renting access on infected computers to other hacker collectives. These cybercrminal groups can then use the provided access to drop additional malware on the infected hosts. It appears that so far Gootkit operators haven’t sold install space to other groups.

Men, the large number of infected hosts in the exposed databases combined with the large amount of sensitive user details could enable the criminals to do in the future, cybersecurity researchers sige.


Milena Dimitrova

En inspireret forfatter og indhold leder, der har været med SensorsTechForum for 4 år. Nyder ’Mr. Robot’og frygt’1984’. Fokuseret på brugernes privatliv og malware udvikling, hun tror stærkt på en verden, hvor cybersikkerhed spiller en central rolle. Hvis almindelig sund fornuft giver ingen mening, hun vil være der til at tage noter. Disse noter senere kan blive til artikler!

Flere indlæg

Efterlad en kommentar

Din e-mail-adresse vil ikke blive offentliggjort. Krævede felter er markeret *

Frist er opbrugt. Venligst genindlæse CAPTCHA.

Del på Facebook Del
Loading ...
Del på Twitter Tweet
Loading ...
Del på Google Plus Del
Loading ...
Del på Linkedin Del
Loading ...
Del på Digg Del
Del på Reddit Del
Loading ...
Del på Stumbleupon Del
Loading ...