This Shockingly Invasive Malware Stole Data from 3.25 Million Windows Computers

The 1.2 terabytes of data include cookies, millions of email and social login credentials, and personalized IDs to identify specific compromised devices.

A woman rushes by Microsoft headquarters.
Photo: Robert Giroux (Getty Images)

Between 2018 and 2020, a mysterious strain of malware infected and stole sensitive data from approximately 3.25 million Windows-based computers—taking with it a horrifying amount of intimate information about the users of those devices.


The data includes login credentials—both usernames and passwords—for dozens of online platforms, as well as billions of browser cookies, millions of user files stolen right off of infected desktops and, in some cases, pictures of the device’s user taken with the computer’s own webcam.

The campaign came to light when a large database of the stolen information was spotted on the dark web, NordLocker reports in a new analysis of the incident.

The firm characterizes it as Trojan-style malware that was delivered by email and bundled with illegal software, such as pirated games and cracked copies of Adobe Photoshop, as well as “Windows cracking” tools. The malware was unnamed and was likely a cheap, customizable variant of the kind sold openly on dark-web markets.

“Nameless, or custom, trojans such as this are widely available online for as little as $100. Their low profile often helps these viruses stay undetected and their creators unpunished,” analysts write.

According to Nord, the malware took careful steps to catalog people it had compromised, even assigning “unique device IDs to the stolen data, so it can be sorted by the source device” and also frequently photographing the computer’s user if their device had a webcam.

As to the stolen data, it’s pretty overwhelming. The compromised login information includes 1,471,416 Facebook credentials; 261,773 Twitter credentials; 145,436 PayPal credentials; 87,282 Dropbox credentials; 1,540,650 Google account credentials, and so on. Other compromised accounts include Coinbase, Blockchain, Outlook, Skype, Netflix...you get the picture.
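The two details above, that every record is tagged with a per-device ID and that the dump can be tallied per platform, are what make a leak like this more than a pile of passwords: a buyer can pivot from one device ID to every account its owner had, and spot where one password was reused. The script below is an added example, not NordLocker's tooling and not the malware's real log format; it assumes a hypothetical one-record-per-line layout of `device_id|url|username|password`, and the sample records are constructed, not taken from the leak.

```python
"""Triage a stealer-log style credential dump.

Added example (not NordLocker's code, not the malware's real format).
Assumed hypothetical layout: one record per line, 'device_id|url|username|password'.
"""
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample records in the assumed format; not data from the real dump.
SAMPLE_DUMP = """\
dev-0001|https://www.facebook.com/login|alice@example.com|hunter2
dev-0001|https://accounts.google.com/signin|alice@example.com|hunter2
dev-0001|https://www.paypal.com/signin|alice@example.com|S3cure!
dev-0002|https://twitter.com/login|bob|password1
dev-0002|https://www.facebook.com/login|bob.smith@example.org|password1
dev-0003|https://www.dropbox.com/login|carol|Dr0pb0x
dev-0003|https://accounts.google.com/signin|carol@example.net|Dr0pb0x
this line is garbage and should be skipped
dev-0001|https://www.netflix.com/login|alice@example.com|hunter2
"""


def parse_dump(text):
    """Return (device_id, host, username, password) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:  # stealer logs are messy; drop anything that doesn't fit
            continue
        device_id, url, user, password = parts
        host = urlsplit(url).hostname or url
        records.append((device_id, host.lower(), user, password))
    return records


def service_of(host):
    """Collapse a hostname to a coarse service label (accounts.google.com -> google.com)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def credentials_per_service(records):
    """Per-platform tally, the kind of count reported for Facebook, Google, PayPal, etc."""
    return Counter(service_of(host) for _, host, _, _ in records)


def accounts_per_device(records):
    """Group (service, username) pairs by device ID: one victim's whole footprint."""
    by_dev = defaultdict(list)
    for dev, host, user, _ in records:
        by_dev[dev].append((service_of(host), user))
    return dict(by_dev)


def reused_passwords(records):
    """For each device, passwords seen on more than one service.

    The per-device grouping is exactly what makes this pivot cheap for a buyer.
    """
    per_dev = defaultdict(lambda: defaultdict(set))
    for dev, host, _, pw in records:
        per_dev[dev][pw].add(service_of(host))
    return {dev: {pw: sorted(svcs) for pw, svcs in pws.items() if len(svcs) > 1}
            for dev, pws in per_dev.items()}


if __name__ == "__main__":
    recs = parse_dump(SAMPLE_DUMP)
    print("credentials per service:", dict(credentials_per_service(recs)))
    for dev, accounts in accounts_per_device(recs).items():
        print(dev, "->", accounts)
    print("password reuse:", reused_passwords(recs))
```

Run on a real dump, the reuse report is the part worth acting on: each device whose owner reused one password across several services is a victim for whom resetting a single account changes nothing.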


On top of this, the malware also apparently took screenshots of the desktops it had infected, which helped researchers piece together after the fact just how much information had been compromised. To get a better idea of how extensive the damage is, here is a little breakdown:

  • 2 billion cookies
  • 26 million login credentials
  • 6.6 million files (apparently stolen off of desktops)
  • Upwards of 1 million images (696,000 .png and 224,000 .jpg files)
  • More than 650,000 Word documents and .pdf files

So, yeah, it’s all pretty disturbing. The market for personal information on the dark web—particularly login credentials—has always been big, but it’s seen a real uptick in recent years. Hundreds of millions of passwords are compromised every year through cyberattacks and breaches, leaving victims at the mercy of money-grubbing goons. While it’s up to you to decide how to protect yourself, there’s no shortage of resources out there and, it goes without saying, they’re worth checking out.


You can check out a more detailed breakdown of all of the stolen files here.

Staff writer at Gizmodo

DISCUSSION

kasley42
TR4-250

I get the implication there is not very much you really can do. If I decide to change all my passwords, this malware or these malware programs will be watching? This sounds like it functioned as an aggregator rather than just one, very effective thief.