Nameless malware that stole 1.2 TB of private data

Between 2018 and 2020, a custom Trojan-type malware infiltrated over 3 million Windows-based computers and stole 1.2 terabytes (TB) of personal information. This malware case study was performed in partnership with a third-party company specializing in data breach analysis.

Details about malware

This is a Trojan-type malware that was transmitted via email and illegal software. The illegal software includes a copy of Adobe Photoshop 2018, a Windows cracking tool, and several cracked games.

The data was collected from 3.25 million computers. The malware stole nearly 26 million login credentials containing 1.1 million unique email addresses, 2 billion+ cookies, and 6.6 million files.

Nameless, or custom, trojans such as this are widely available online for as little as $100. Their low profile often helps these viruses stay undetected and their creators unpunished.

Screenshots made by the malware reveal that the data was stolen between 2018 and 2020.

The virus assigned unique device IDs to the stolen data, so it can be sorted by the source device.

Methodology: The discovered data was divided into four broad categories to analyze the stolen login credentials, files, and cookies, as well as the software that the data was extracted from.

Credentials

The malware got away with nearly 26 million login credentials (emails or usernames accompanied by passwords) from almost a million websites. The data was categorized into 12 different groups based on the website type.

Files

The research found that this malware also targeted files that users were storing on their desktops and in Downloads folders. In total, over 6 million files were stolen.

What kinds of files were stolen?

Over 50% of the stolen files were text files. It’s likely that a lot of this collection contains software logs. It is also concerning that some people even use Notepad to keep their passwords, personal notes, and other sensitive information.

The malware stole over 1 million images including 696,000 .png and 224,000 .jpg files. The database also contains over 650,000 Word documents and .pdf files.

The analysis revealed that the malware made a screenshot after it infected the computer and also took a picture using the device’s webcam.
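A defender-side audit of the exposure described above, as an added example that is not part of the original study: it scans a user's own Desktop and Downloads folders (the locations the report says were targeted) for plain-text files holding credential-like lines. The extension set, size limit and regex rules are assumptions chosen for illustration.

```python
import re
from pathlib import Path

TEXT_SUFFIXES = {".txt", ".log", ".csv", ".ini"}   # assumed plain-text types
MAX_BYTES = 1_000_000                              # assumed cap: skip very large logs

# Assumed, illustrative rules; first matching rule wins for each line.
RULES = {
    "labelled secret": re.compile(r"(?i)\b(pass(word|wd)?|pwd|login|pin)\b\s*[:=]\s*\S+"),
    "email and secret pair": re.compile(r"[\w.+-]+@[\w-]+(\.[\w-]+)+\s*[:;|]\s*\S{4,}"),
    "credentials in URL": re.compile(r"\b\w+://[^\s/:@]+:[^\s/@]+@"),
}

def read_text(path):
    """Decode a file the way Notepad may have saved it (UTF-16 with BOM or UTF-8)."""
    raw = path.read_bytes()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def scan_file(path):
    """Return (line_number, rule_name) hits; the matched secret is never echoed."""
    hits = []
    for number, line in enumerate(read_text(path).splitlines(), start=1):
        for name, pattern in RULES.items():
            if pattern.search(line):
                hits.append((number, name))
                break
    return hits

def audit(folders):
    """Map each flagged file to its hits across the given folders."""
    report = {}
    for folder in folders:
        if not folder.is_dir():
            continue
        for path in folder.rglob("*"):
            try:
                if (path.is_file() and path.suffix.lower() in TEXT_SUFFIXES
                        and path.stat().st_size <= MAX_BYTES):
                    hits = scan_file(path)
                    if hits:
                        report[path] = hits
            except OSError:
                continue  # unreadable or locked file
    return report

if __name__ == "__main__":
    home = Path.home()
    for path, hits in audit([home / "Desktop", home / "Downloads"]).items():
        print(path, hits)
```

Files it flags are candidates for moving into a password manager or encrypted storage; the output lists only line numbers and rule names, so the report itself does not become another plaintext copy of the secrets.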

Cookies

It was found that out of the total 2 billion stolen cookies, around 22% were still valid on the day of the discovery. Cookies help hackers construct an accurate picture of the habits and interests of their target. In some cases, cookies can even give access to the person’s online accounts. The stolen cookies are sorted into five groups based on the website category.

Software data

The database contains cookies, credentials, autofill data, and payment information from 48 applications. The research shows that the malware targeted apps, mostly web browsers, to steal the vast majority of data. The malware also stole data from messaging apps, email clients, file-sharing clients, and some gaming clients.

1. Google Chrome: 19,425,347
2. Mozilla FireFox: 3,296,639
3. Opera: 2,000,042
4. Internet Explorer/Microsoft Edge: 1,280,759
5. Chromium: 1,023,008
6. CocCoc: 451,962
7. Outlook: 111,732
8. Yandex Browser: 79,530
9. Torch: 57,427
10. Thunderbird: 42,057
11. FileZilla: 38,610
12. Amigo: 37,965
13. Vivaldi: 25,826
14. Cent Browser: 22,172
15. Cyberfox: 15,860
16. Chedot: 14,938
17. WinSCP: 12,327
18. Waterfox: 11,830
19. Comodo Dragon: 14,270
20. Kometa: 7,680
21. Brave: 7,356
22. PaleMoon: 7,224
23. Orbitum: 5,712
24. Elements Browser: 4,944
25. Uran: 4,199
26. IceDragon: 3,715
27. GoBrowser: 2,833
28. Epic: 2,006
29. Default: 1,305
30. InternetMailRu: 918
31. 360 Browser: 857
32. Pidgin: 816
33. Web Authentication Broker: 730
34. UC Browser: 661
35. Sputnik: 522
36. SeaMonkey: 456
37. Safer Browser: 311
38. Browser: 248
39. Login: 238
40. Dragon: 202
41. Nichrome: 198
42. Bromium: 186
43. Rockmelt: 67
44. Old: 62
45. Psi: 53
46. Mustang: 31
47. PsiPlus: 24
48. Superbird: 18

What is malware?

Malware refers to tiny, malicious programs that can be attached to an email or installed with illegal software. Some malware infects a person's device immediately, while other malware may wait for days or even weeks. Every type of malware has its purpose: viruses harm the target device, ransomware encrypts it to extort the owner, and backdoors create a way for hackers to access that device at any time.

For every piece of malware that gets worldwide recognition and coverage, there are thousands of custom viruses made specifically for the buyer's needs. These are nameless pieces of malicious code that are compiled and sold on forums and private chats for as little as $100. It’s a booming market where the creator sells the malware, teaches the buyer how to use it, and even shows how to profit off the stolen data.

How to protect your data from malware

Install antivirus software

Despite some limitations when it comes to new types of malware, antivirus software is still one of the most reliable tools protecting your system. That’s why it’s imperative to keep security software and antivirus databases up-to-date.

Practice proper cyber hygiene

Good cyber hygiene mostly means evaluating digital risks and taking appropriate steps to protect yourself. For example, if the link seems shady, don’t click on it even if it came from someone you know.

Use strong passwords

Password managers help you create strong and unique passwords. They are also much better than web browsers at storing your private data.

Download software from trusted sources

Illegal programs are often used to distribute malware. Make sure to only use legal software that you acquired from the creator’s website, the App Store, or other trusted sources.

Block third-party cookies

Technology companies want to track people’s digital lives. Use private browsers that prevent this kind of data collection.

Regularly clean cookies

Even old cookies can reveal a great deal about your life. Delete cookies from your browsers often.

Encrypt your data

While you can never fully know whether your device is malware-free, encryption can keep you and your files safe. Even if hackers stole your files, they wouldn’t be able to access them without your master password.

Store files on an encrypted cloud

In many cases, an end-to-end encrypted cloud is the ultimate security tool. It protects your files from all kinds of malware and backs up your data in case your system is infected with ransomware.

Use multi-factor authentication

Use multi-factor authentication or single sign-on where possible for an extra layer of online protection.

Note: The NordLocker malware study has been carried out for educational purposes only. The open database was reported to US-CERT and the cloud storage provider, which has taken it down. 1.1 million unique email addresses were loaded to Have I Been Pwned, where every user can check whether they’ve been affected by this particular malware.
