Skip to main content

New Trojan malware steals millions of login credentials

Trojan
(Image credit: Iaremenko Sergii / Shutterstock)

Cybersecurity researchers have revealed a new custom Trojan-type malware that managed to infiltrate over three million Windows computers and steal nearly 26 million login credentials for about a million websites.

The findings from Nord Security classifies the websites into a dozen categories, which include virtually all popular email services, social media platforms, file storage and sharing services, ecommerce platforms, financial platforms, and more. 

In all, the unnamed malware managed to siphon away 1.2 terabytes of personal data including over a million unique email addresses, over two billion cookies, and more than six million other files.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

>> Click here to start the survey in a new window <<

“For every malware that gets worldwide recognition and coverage, there are thousands of custom viruses made specifically for the buyer's needs. These are nameless pieces of malicious code that are compiled and sold on forums and private chats for as little as $100,” explains Nord Security.

Public Wi-Fi menace

The research found that this malware also made away with over six million files the victims had on their desktops and in Downloads folders. It also took a screenshot of the infected machine, and even tried snapping a picture of the victim using the device’s webcam.

Worryingly, Nord Security adds that while the amount of stolen data is shocking, unnamed, custom malware aren’t the only threat to a user’s data. 

It goes on to share that one in four Wi-Fi networks has no encryption or password protection of any kind, making vast amounts of user data vulnerable to theft.

“Antimalware software like antiviruses doesn’t fully protect our devices. Public Wi-Fi poses as much danger to our logins as malware does. In many cases, public Wi-Fi can have poorly configured firewalls that let hackers monitor your Wi-Fi connection,” said Daniel Markuson, digital security expert at NordVPN, Nord Security’s VPN service.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.