Hackers stole 26 million user login credentials between 2018 and 2020, new study shows

Trojan-type malware transmitted through email and illegally downloaded software stole 1.2 terabytes of personal data

Hackers stole about 26 million user login credentials for almost a million websites through custom malware between 2018 and 2020, according to a new study.

The Trojan-type malware that was transmitted through email and illegally downloaded software infiltrated more than 3 million Windows-based computers and stole 1.2 terabytes of personal information, according to the NordLocker malware study.

The illegally downloaded software used to spread the malware included Adobe Photoshop 2018, a Windows cracking tool and several cracked games, the company said. The malware operator “stole nearly 26 million login credentials holding 1.1 million unique email addresses, 2 billion+ cookies, and 6.6 million files”, NordLocker said.

Malware refers to a malicious programme that can be attached to an email or installed with illegal software. There are different types of malware: viruses that harm the target device, ransomware that encrypts it to extort the owner and backdoors that create a way for hackers to access a device at any time.

Cyber attacks have grown across the world in the last 12 months, as more people work remotely and shop online amid the pandemic.

Identities stolen from UAE consumers are among the most expensive for sale by criminals on the dark web, according to UK-based Comparitech. Stolen records of UAE residents fetch an average of $25 each.

The custom malware uncovered by NordLocker secured login credentials such as emails, usernames and passwords from social media platforms like Facebook (1.47 million credentials stolen), Twitter (261,773) and Instagram (153,754), online gaming websites, online marketplaces like Amazon (209,534) and eBay (132,935), job search websites like Indeed and Upwork, and consumer electronics websites such as Apple, Sony and Samsung, the study found.

Hackers also stole user credentials from file storage and sharing websites such as Dropbox, streaming services such as Netflix and Spotify, financial platforms like PayPal and CoinBase, and email services companies such as Google (1.54 million), Outlook (403,580) and Yahoo (224,961), according to the research.

Other miscellaneous websites such as Uber, Adobe, Autodesk, Skype and WordPress were also targeted by hackers, it was found.

“Nameless, or custom, Trojans such as this are widely available online for as little as $100,” NordLocker said.

This malware targeted files that users were storing on their desktops and in download folders. In total, more than 6 million files were stolen, the research found.

More than 50 per cent of the stolen files were text files. The malware stole more than 1 million images, too. The stolen documents database also contained more than 650,000 Word documents and .pdf files, NordLocker said.

The analysis revealed that the malware made a screenshot after it infected the computer and also took a picture using the device’s webcam.

It was also found that out of the total 2 billion stolen cookies, around 22 per cent were still valid on the day of the discovery.

“Cookies help hackers construct an accurate picture of the habits and interests of their target. In some cases, cookies can even give access to the person’s online accounts,” the study said.

Some tips to protect user data from malware include installing antivirus software, practising cyber hygiene, using strong passwords, downloading software from trusted sources, blocking third-party cookies, regularly cleaning cookies and using multi-factor authentication, the NordLocker study said.