Blog/Expert Analysis/

How nameless malware steals your data (and gets away with it)

Jun 09, 2021

Imagine if malware got into your computer. In fact, how do you know it isn’t there already? With some help from third-party researchers, we uncovered and analyzed a database of stolen data. It’s big — and the victims likely never knew their files had been stolen.

The discovery of a stolen database

We want to make it clear: we did not purchase this database nor would we condone other parties doing it. A hacker group revealed the database location accidentally. The analysis of the database was conducted in partnership with a third-party company specializing in data breach research. The cloud provider hosting the data was notified so it can be taken down.

1.2 TB database of stolen data

The stolen database contained 1.2 TB of files, cookies, and credentials that came from 3.2 million Windows-based computers. The data was stolen between 2018 and 2020. The database included 2 billion cookies. The analysis revealed that over 400 million, or 22%, of those cookies were still valid at the time when the database was discovered.

We now know that the virus escaped with 6 million files it grabbed from Desktop and Downloads folders. 3 million text files, 900,00 image files, and 600,000+ Word files made up the bulk of the stolen database, but it also contained over 1,000 types of different files.

Screenshots made by the malware reveal that it spread via illegal software (Adobe Photoshop), Windows cracking tools, and pirated games. Moreover, the malware also photographed the user if the device had a webcam.

The dangers of custom malware

Just like with hurricanes, experts love naming dangerous malware. But computer viruses don’t have to have names to be capable of stealing lots of data. The truth is, anyone can get their hands on custom malware. It’s cheap, customizable, and can be found all over the web.

Dark web ads for these viruses uncover even more truth about this market. For instance, anyone can get their own custom malware and even lessons on how to use the stolen data for as little as $100. And custom does mean custom - advertisers promise that they can build a virus to attack virtually any app the buyer needs.

How to stay safe

Based on the feedback from the researchers, it may be impossible to tell whether a file is infected. If the malware is new, no antivirus can recognize it. The only way to stay safe is to follow good cyber hygiene rules:

  • Web browsers are not good at protecting sensitive data. Use password managers to protect your credentials and auto-fill information.
  • Malware can’t access encrypted files. Services like NordLocker protect your files both on your computer and the cloud, so malware can’t just grab them.
  • Some cookies are valid for 90 days, and some don’t expire for an entire year. Make deleting cookies a monthly habit.
  • Peer-to-peer networks are often used for spreading malware. Only download software from the developer’s website and other well-known sources.
  • All malware gets recognized eventually. Make sure that your antivirus is always updated to prevent old viruses from slipping through the cracks.
John Sears

John Sears

Verified author

John believes that the best things in life are simple. He uses the same approach when he’s writing about online security. John says that his #1 pet peeve is phishing scams. Ironically, his favorite non-work related activity is fishing.