New Trojan malware steals millions of login credentials

Trojan
(Image credit: Iaremenko Sergii / Shutterstock)
Audio player loading…

Cybersecurity (opens in new tab) researchers have revealed a new custom Trojan-type malware (opens in new tab) that managed to infiltrate over three million Windows computers (opens in new tab) and steal nearly 26 million login credentials for about a million websites.

The findings from Nord Security (opens in new tab) classifies the websites into a dozen categories, which include virtually all popular email services (opens in new tab), social media platforms, file storage (opens in new tab) and sharing services, ecommerce platforms (opens in new tab), financial platforms, and more. 

In all, the unnamed malware managed to siphon away 1.2 terabytes of personal data including over a million unique email addresses, over two billion cookies, and more than six million other files.

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

>> Click here to start the survey in a new window (opens in new tab) <<

“For every malware that gets worldwide recognition and coverage, there are thousands of custom viruses made specifically for the buyer's needs. These are nameless pieces of malicious code that are compiled and sold on forums and private chats for as little as $100,” explains (opens in new tab) Nord Security.

Public Wi-Fi menace

The research found that this malware also made away with over six million files the victims had on their desktops and in Downloads folders. It also took a screenshot of the infected machine, and even tried snapping a picture of the victim using the device’s webcam.

Worryingly, Nord Security adds that while the amount of stolen data is shocking, unnamed, custom malware aren’t the only threat to a user’s data. 

It goes on to share that one in four Wi-Fi networks has no encryption or password protection of any kind, making vast amounts of user data vulnerable to theft.

“Antimalware software like antiviruses (opens in new tab) doesn’t fully protect our devices. Public Wi-Fi poses as much danger to our logins as malware does. In many cases, public Wi-Fi can have poorly configured firewalls that let hackers monitor your Wi-Fi connection,” said Daniel Markuson, digital security expert at NordVPN (opens in new tab), Nord Security’s VPN service (opens in new tab).

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.