As evidenced by screenshots the malware took, the campaign ran between 2018 and 2020, when a trojan sneaked into users’ computers and silently grabbed data from them.
Unnamed malware steals 1.2 terabytes of data
The unnamed malware with trojan capabilities was distributed via email and illegal software, said Nord Locker researchers. The malware operators used cracked copies of Adobe Photoshop 2018, a Windows cracking tool, and cracked games to infect Windows users. The data harvested from 3.25 million computers contained nearly 26 million login credentials with 1.1 million unique email addresses, more than 2 billion cookies, and 6.6 million files.
“Nameless, or custom, trojans such as this are widely available online for as little as $100. Their low profile often helps these viruses stay undetected and their creators unpunished,” the analysis notes. Furthermore, the trojan assigned unique device IDs to the stolen details, so that they could be easily categorized by source device.
The nearly 26 million login credentials, consisting of emails, usernames, and passwords, were gathered from a million websites. The data itself was classified into 12 different groups according to the website type. Categories include social media, online gaming, online marketplaces, job search websites, consumer electronics, file storage and file sharing, productivity tools, streaming services, financial and email services, community and miscellaneous.
The unnamed trojan also stole files stored in users’ Desktop and Downloads folders, totaling more than 6 million files (text, image, and document files):
Over 50% of the stolen files were text files. It’s likely that a lot of this collection contains software logs. It is also concerning that some people even use Notepad to keep their passwords, personal notes, and other sensitive information.
Other statistics Nord Locker revealed include more than 1 million stolen images, divided between 696,000 .png and 224,000 .jpg files. The database also holds more than 650,000 Word documents and .pdf files. The malware also captured screenshots after infection and took a picture using the device’s webcam.
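The exposure described above, passwords kept in plain text files in the Desktop and Downloads folders, can be checked on one's own machine. The following Python script is an added example, not code from the researchers or the article; the keyword list, file extensions and size limit are assumptions chosen for illustration, and it reports only the file, line number and keyword, never the stored value.

```python
import re
from pathlib import Path

# Assumed heuristic: a credential-like keyword, then ':' or '=', then a value.
CRED_RE = re.compile(
    r"(?i)\b(pass(?:word|wd)?|pwd|login|username|api[_-]?key|secret|token)\b"
    r"\s*[:=]\s*\S+"
)
TEXT_SUFFIXES = {".txt", ".log", ".csv", ".ini", ".cfg"}  # assumed text types
MAX_BYTES = 5 * 1024 * 1024  # assumed cap; skips very large software logs


def read_text_file(path):
    """Decode a text file, honouring the UTF-16 BOM older Notepad versions write."""
    raw = path.read_bytes()
    enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8-sig"
    return raw.decode(enc, errors="replace")


def audit_folder(root):
    """Return [(path, line_number, keyword)] for credential-like lines under root.

    The matched value is never returned, so the report itself holds no secrets.
    """
    findings = []
    root = Path(root)
    if not root.is_dir():
        return findings
    for path in sorted(root.rglob("*")):
        try:
            if not path.is_file() or path.suffix.lower() not in TEXT_SUFFIXES:
                continue
            if path.stat().st_size > MAX_BYTES:
                continue
            text = read_text_file(path)
        except OSError:
            continue  # unreadable or locked file: skip it
        for lineno, line in enumerate(text.splitlines(), start=1):
            match = CRED_RE.search(line)
            if match:
                findings.append((path, lineno, match.group(1).lower()))
    return findings


def default_targets(home=None):
    """The two folders the article says the trojan collected files from."""
    home = Path(home) if home else Path.home()
    return [home / "Desktop", home / "Downloads"]


if __name__ == "__main__":
    for folder in default_targets():
        for path, lineno, keyword in audit_folder(folder):
            print(f"{path}:{lineno}: '{keyword}' entry stored in plain text")
```

Anything it flags belongs in a password manager rather than in a file that an infostealer can copy wholesale.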
Two billion cookies harvested
It is noteworthy that 22% of the stolen cookies were still valid on the day the researchers made the discovery. Why do hackers need cookies? They help them study the victim’s online habits and interests, not to mention that in some cases “cookies can even give access to the person’s online accounts.”
The stolen cookies were also categorized into five different groups: online marketplace, online gaming, file sharing sites, social media, and video streaming services.
Software data also stolen
The unnamed trojan also targeted 40 applications from which it harvested cookies, credentials, autofill data, and payment information. Targeted apps include mostly web browsers, messaging apps, email, file-sharing, and gaming clients.
Another recent example of newly discovered malware that is distributed through illegal software is the so-called Crackonosh malware. This malware is also capable of disabling AV programs as part of its anti-detection and anti-forensics techniques.