NordLocker said it has uncovered a database containing 1.2TB worth of files, account credentials, and other sensitive information that was stolen using customized malware that spread through illegally downloaded software.
The company said that software included “illegal Adobe Photoshop 2018, a Windows cracking tool, and several cracked games.” These stolen programs appeared to be functional, but they also included a “Trojan-type malware” that stole the information NordLocker found in this publicly hosted database.
This database was said to have contained data taken from 3.25 million Windows devices between 2018 and 2020. NordLocker said the malware operator “stole nearly 26 million login credentials holding 1.1 million unique email addresses, 2 billion+ cookies, and 6.6 million files” divided into 12 distinct categories.
The stolen data reportedly included files gathered from victims’ Desktop and Downloads folders as well as “cookies, credentials, autofill data, and payment information from 48 applications.” That list includes popular browsers, such as Google Chrome and Mozilla Firefox, as well as email apps like Outlook.
NordLocker said “the malware also photographed the user if the device had a webcam.” It was also said to have assigned unique identifiers to affected devices, which means all the stolen data could be linked to a specific device. From there it probably would have been trivial to link the information to a specific person.
Unfortunately this kind of malware appears to be common: NordLocker said that “Anonymous, or customized, trojans such as this are widely available online for as little as $100.” Anyone buying the malware could use it to gather sensitive data that could then be sold to other malicious actors or used in extortion schemes.
NordLocker said it contacted the cloud service provider used to host this database so it could be removed. It also shared 1.1 million unique addresses with Have I Been Pwned, a popular service that allows people to see if their personal information has been exposed in databases like the one described in this report.