New Trojan malware steals millions of login credentials

Cybersecurity researchers have revealed a new custom Trojan-type malware that managed to infiltrate over three million Windows computers and steal nearly 26 million login credentials for about a million websites.

The findings from Nord Security classifies the websites into a dozen categories, which include virtually all popular email services, social media platforms, file storage and sharing services, ecommerce platforms, financial platforms, and more.

In all, the unnamed malware managed to siphon away 1.2 terabytes of personal data including over a million unique email addresses, over two billion cookies, and more than six million other files.

“For every malware that gets worldwide recognition and coverage, there are thousands of custom viruses made specifically for the buyer’s needs. These are nameless pieces of malicious code that are compiled and sold on forums and private chats for as little as $100,” explains Nord Security.

Public Wi-Fi menace

The research found that this malware also made away with over six million files the victims had on their desktops and in Downloads folders. It also took a screenshot of the infected machine, and even tried snapping a picture of the victim using the device’s webcam.

Worryingly, Nord Security adds that while the amount of stolen data is shocking, unnamed, custom malware aren’t the only threat to a user’s data.

It goes on to share that one in four Wi-Fi networks has no encryption or password protection of any kind, making vast amounts of user data vulnerable to theft.

“Antimalware software like antiviruses doesn’t fully protect our devices. Public Wi-Fi poses as much danger to our logins as malware does. In many cases, public Wi-Fi can have poorly configured firewalls that let hackers monitor your Wi-Fi connection,” said Daniel Markuson, digital security expert at NordVPN, Nord Security’s VPN service.

Source: TechRadar