3.2 Million PCs Compromised in a Malware Campaign


Security researchers at NordLocker have discovered that 1.2 terabytes of personal details and information were stolen through a customized malware strain that was spread largely through illegal software, including pirated games and a cracked version of Adobe Photoshop.

Between 2018 and 2020, the malware infected 3.2 million PCs and stole over 6 million files from the Desktop and Downloads folders of infected machines. The stolen files were mostly made up of three million text files, 900,000 image files, and 600,000+ Word files. Inside the treasure trove of stolen data were 1.1 million unique email addresses and 26 million login credentials, among other things.

“Screenshots made by the malware reveal that it spread via illegal software (Adobe Photoshop), Windows cracking tools, and pirated games. Moreover, the malware also photographed the user if the device had a webcam,” NordLocker said.

Researchers said the cybercriminal gang accidentally revealed the location of the database containing the stolen data, and once NordLocker became aware of it, it worked with a third-party company that specializes in researching data breaches to evaluate the database's contents.

Researchers warn that custom malware such as this is particularly dangerous, noting that it is “cheap, customizable, and can be found all over the web.” They note that custom malware can be purchased at very low prices and often includes tutorials on how to use stolen data, meaning that individuals should be incredibly careful when accessing files online.

This particular malware campaign does not have a name, in part because it flew under the radar while active, then presumably disappeared. According to NordLocker, nameless (or custom) trojans like this one are hawked on the dark web in forums and private chats, sometimes for no more than $100.

"Their low profile often helps these viruses stay undetected and their creators unpunished... It's a booming market where the creator sells the malware, teaches the buyer how to use it, and even shows how to profit off the stolen data," NordLocker says.

NordLocker recommended using a variety of methods to keep yourself and your data safe, including clearing your cookies every month and only installing software from developer websites and well-known sources.