Hackers get hacked by infostealing malware

A white padlock on a dark digital background.
(Image credit: Shutterstock.com)

Although not as common of an occurrence, hackers will sometimes breach other hackers’ devices and steal their login credentials. 

In a recent report, cybersecurity researchers from Hudson Rock said they found some 120,000 infected systems, with 100,000 belonging to hackers. From those compromised endpoints, more than 140,000 login credentials to various hacking forums were stolen.

Hudson Rock compiled the information after sifting through 100 cybercrime forums, going through information from publicly available leaks, and analyzing infostealer malware logs sourced directly from the attackers.

Promoting fake cracks

“Hackers around the world infect computers opportunistically by promoting results for fake software or through YouTube tutorials directing victims to download infected software,” Alon Gal, chief technology officer at Hudson Rock, told BleepingComputer.

The researchers then managed to use this data to expose the users’ real identities. By looking at data from infostealer logs, the researchers discovered credentials for additional services, autofill data which often included personally identifiable information, and system information.

Hudson Rock’s experts also found that the majority of hackers had very good password practices, but some were quite sloppy, too. Generally speaking, the passwords to log into hacking forums were stronger than those for government websites, with 40% of those for BreachForums being at least 10 characters long and containing four types of characters. 

Almost 60,000 of compromised accounts were for the Nulled community. 

The researchers are saying that the way hackers get their computers infected does not differ from the way average users do. Hackers use social media to promote fake software, cracks and key generators which other hackers (probably of lower skill) download. 

Those that had weak passwords (for example, a string of consecutive numbers) were most likely not that interested in participating in the hacking community, the researchers speculate. These accounts were probably just used to keep tabs on the community, keep up with the discussions, or check if any important database goes on sale. 

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.