Para nossa maior preocupação, os serviços que usamos diariamente muitas vezes se tornam parte de violações de dados e vazamento de dados, em que os nossos dados pessoais estão expostas a cibercriminosos. bancos, companhias aéreas, hotéis, various organizations put our information at risk in databases that are left unsecured.
What happens when one of the most advanced banking Trojans discovered in the wild has its databases exposed? Bem, we are about to find out. Pelo visto, Bob Diachenko, a cybersecurity researcher came across two open and publicly accessible MongoDB instances that appear to be part of the Gootkit network.
More about the Gootkit Banking Trojan
Ano passado, the Gootkit operators found a way to exploit Mailchimp in spam campaigns to distribute the malicious banking Trojan. The attackers were continuously hacking into MailChimp’s network to send fake invoices and emails ridden with malware. This is an example of a Gootkit malicious operation in action.
Geralmente, the Trojan has targeted a lot of networks located across Europe, incluindo bancos encontrados na França, Suiça e Austria. What’s particularly dangerous is the malware can also be set against cryptocurrency services. além disso, two databases that are used by the hacking collective behind the malware have been leaked.
Uma análise de segurança de sua estrutura e uma extração de conteúdo revelou mais informações sobre as informações armazenadas. The experts reveal that the criminal collective behind the threat is actively pulling data from three botnets totaling in about 38,563 hosts comprometidos.
According to the security analysis, the following sensitive details have been compromised:
- Um total de 1,444,375 email accounts;
- Um total de 752,645 usernames;
- 2,196,840 passwords and configuration pairs coming from online shops, e-mails, banking applications, streaming and a variety of online services, as well as internal network passwords.
It is yet to be determined whether the Gootkit cybercriminals forgot to set a password, or if a firewall blocking access to the servers went down. But it’s a fact that something went completely wrong as the two servers were exposed and indexed by several IoT search engines.
What can happen with the user data exposed in the leaky Gootkit databases?
It is noteworthy that botnets such as Emotet and TrickBot have been dealing with something called “install space”. This means that the botnet operators were renting access on infected computers to other hacker collectives. These cybercrminal groups can then use the provided access to drop additional malware on the infected hosts. It appears that so far Gootkit operators haven’t sold install space to other groups.
Contudo, the large number of infected hosts in the exposed databases combined with the large amount of sensitive user details could enable the criminals to do in the future, cybersecurity researchers dizer.