Quote:Researchers have uncovered a 1.2-terabyte database of stolen data, lifted from 3.2 million Windows-based computers over the course of two years by an unknown, custom malware. The heisted info includes 6.6 million files and 26 million credentials, and 2 billion web login cookies – with 400 million of the latter still valid at the time of the database’s discovery.
 
According to researchers at NordLocker, the culprit is a stealthy, unnamed malware that spread via trojanized Adobe Photoshop versions, pirated games and Windows cracking tools, between 2018 and 2020. It’s unlikely that the operators had any depth of skill to pull off their data-harvesting campaign, they added.
 
“The truth is, anyone can get their hands on custom malware. It’s cheap, customizable, and can be found all over the web,” the firm said in a Wednesday posting. “Dark Web ads for these viruses uncover even more truth about this market. For instance, anyone can get their own custom malware and even lessons on how to use the stolen data for as little as $100. And custom does mean custom – advertisers promise that they can build a virus to attack virtually any app the buyer needs.”
 
The 26 million login credentials held 1.1 million unique email addresses, NordLocker found, for an array of different apps and services. These included logins for social media, online marketplaces, job-search sites, gaming sites, financial services, email and more.
 
A hacker group revealed the database location accidentally, according to NordLocker. The cloud provider hosting the data was notified so the database can be taken down, and Troy Hunt has added the compromised email addresses to his HaveIBeenPwned repository, so people can check to see if they’ve been impacted by the malware.
 
“This incident has been flagged as “sensitive” so it’s not publicly searchable,” Hunt explained. “For individuals, verifying your email address by the notification service will show if it was in this data set. For organizations, the domain search feature will allow you to search across the breadth of any domains you can verify control of.”