Infostealer exposed thousands of hacking forums accounts

September 4, 2023

Researchers found that infostealer malware had infected over 100,000 systems holding credentials for hacking forums. The researchers claimed that most of the computers compromised in these infections belonged to malicious actors.

The exposed data includes the passwords cybercriminals use to log into underground forums, which are more secure than the passwords used for government websites.

 

Threat actors compromised their credentials used for hacking forums.

 

The researchers analysed about 100 hacking forums and noticed that some cybercriminals had accidentally infected their own computers, leading to the loss or theft of their credentials. In addition, the investigation showed that 100,000 of the affected computers belonged to hackers, and that the number of exposed credentials reached approximately 140,000.

These details came from publicly available leaks as well as infostealer logs sourced directly from hackers. Novice threat actors have likely fallen into traps set by more experienced hackers, which is why their information is included in the recent exposure.

Experts also explained that the hackers who owned the compromised computers could have their identities revealed if investigators studied the data from the infostealer logs.

The data confirmed in the recent leaks includes credentials, personal information, and system information. The leaks could therefore expose troves of data, such as emails, usernames, full names, addresses, phone numbers, computer names, and IP addresses.

By studying the collected data, the researchers claimed that over 57,000 infected users had accounts on a hacking forum called Nulled[.]to, a community of rising cybercriminals.

Further studies also showed that the threat actors used their most sophisticated passwords to log into cybercriminal forums. Most passwords contained at least ten characters and included four types of characters.

However, some hackers also used weak passwords, such as a string of consecutive numbers. Analysts believe that hackers who use unsophisticated passwords are likely logging into such forums to stay updated on trends, not for important reasons.

The infostealer has compromised much of the initial access held by participants of the affected cybercrime forums. Researchers or threat actors could therefore collect the data and impersonate legitimate users to access the hacking forums.
