Imagine a piece of malware on your computer that stole your data without you even knowing about it. One such stolen database has been spotted and, let us tell you, it's massive! It has affected not just a handful of people but millions of systems worldwide.

The scoop

A massive trove of sensitive data has been discovered by researchers. This database consists of 1.2TB of login credentials, autofill data, browser cookies, and payment information extracted by a mysterious malware. The data was pulled from three million PCs between 2018 and 2020.

Why it matters

This discovery is particularly significant as it comes amidst a series of ransomware attacks and other cyberattacks on organizations globally. For instance, hackers attacked Colonial Pipeline by gaining access to compromised accounts. Such credentials are readily available online. This kind of data is usually accumulated by information stealer malware.

Dangers of custom malware

Stealer malware of this kind is usually custom-made and not hard to obtain. Custom malware is cheap, scalable, and available all over the internet. Even a wannabe hacker can get their hands on such malware, and on lessons in how to use it, for as little as $100. Moreover, advertisers promote custom malware as a virus that can be designed to attack any app the buyer wants.

What else?

  • The malware collected account credentials for at least one million sites, including Twitter, Gmail, Facebook, and Amazon.
  • Two billion cookies were extracted, of which 22% were valid even at the time of discovery.
  • The database also contained over a million images and over 650,000 PDF and Word files.

Stay safe

With the adoption of cloud computing growing at a rapid pace, the malware problem has extended to the frontier of customized malware that uses novel techniques to stay undetected. Based on the feedback received from researchers, it is impossible to know if a file is malicious. Moreover, antivirus solutions cannot detect new malware. Therefore, following good cybersecurity practices is the only way to stay safe from such threats. These include using password managers, encrypting files, deleting unnecessary cookies, downloading software only from authentic sources, and updating existing security software.

Cyware Publisher
