A recently published study detailed the attacks carried out using Trojan-type malware that has infected millions of computers with the popular Windows OS from 2018 to 2020. According to the reports, the malware was spread via email and illegal software, including unlicensed copies of Adobe Photoshop 2018, Windows hacking tool, and many unauthorized video games. In total, 3.25 million devices were disclosed, and malware stole 26 million login credentials, in addition to one million unique email addresses, 2 billion cookies, and 6.6 million files, the report said.
Who is affected & How?
- All of this happened with a nameless Trojan that threat actors who could buy it for as little as $ 100. Screenshots collected by investigators show that cybercriminals are stealing data for two years, from 2018 to 2020. The data breach includes information from popular social networking websites, job search engines, gaming websites, email, finance, and other service providers. NordLocker claims that stolen information includes ‘emails or usernames associated with passwords.’ That includes 1.4 million Facebook details, 261,773 Twitter accounts, and 153,754 Instagram accounts. The hackers also stole an estimated 190,000 Roblox and Steam credentials, more than 1.5 million Google email data, and data on more than 145,000 PayPal accounts. Analysts say malware targeted files users stored on their desktops and Downloads, with a total of more than 6 million stolen files. More than half of the stolen files were text files. Those may contain software logs. However, since people tend to store their passwords in a text file format, some stolen files may include personal information. “The report revealed that the malware made a screenshot after it infected the computer and also took a picture using the device’s webcam,” NordLocker research.
How to stay safe?
- There are many ways to protect yourself from the same threats. Installing anti-virus software can be a good start. Users are also advised to use strong passwords, avoid suspicious links online, and download software only from trusted sources.
- If you suspect that one or more of your passwords may have been leaked, we urge taking the following steps to protect your data and prevent potential harm from threatening characters:
- Enable 2-factor authentication (2FA) for all of your online accounts.
- If your data is in danger, be sure to change your passwords for all of your online accounts. You can easily create complex passwords with our powerful password generator or consider using a password manager.
- Beware of spam emails, unsolicited text messages, and phishing scams.
- Do not click on anything that appears suspicious, including emails and texts from strangers.
By Vedant Soni
Campus Ambassador, at WCSF