Press Release Security

26.6 Million Logins Stolen by Bot Malware Since 2018

Image courtesy of Pixabay

The Rise of Bot Malware will Allow Hackers to Bypass Multi-factor Authentication

A study by NordVPN showed that data of five million people (including 16 thousand Canadians) has been stolen by bot malware since 2018. Cybercriminals were able to obtain extremely sensitive user data including 26.6 million usernames and passwords. Among them were 720 thousand Google logins, 654 thousand Microsoft logins, and 647 thousand Facebook logins.

The average price for a person’s digital information on the bot markets is $6.

Moreover, because the malware steals logins together with cookies and device configuration information, cybersecurity experts say that the rise of this malware will help hackers to bypass multi-factor authentication (MFA).

“When a criminal hacks a password, they cannot complete the identity authentication if the user has MFA enabled. However, if a criminal obtains their victim’s cookies and device configuration information, they can trick the security systems and avoid MFA activation. Because bot malware provides criminals with the entire digital identity of their victims — it presents a brand new set of risks,” says Adrianus Warmenhoven, cybersecurity advisor at NordVPN.

Stolen Logins Found on Bot Markets

Google720,676
Microsoft654,444
Facebook647,574
Amazon226,264
Netflix223,173
PayPal201,649
Instagram196,904
Steam180,581
Ebay123,955
EA Network115,807
Roblox112,050
LinkedIn108,789
Yahoo105,944
Dropbox105,918
Ali Express100,690
Twitch93,678
Apple Store90,068
Twitter89,469
Sony Entertainment89,421
Spotify75,941
Riot Games75,242
Epic Games72,673
MEGAnz61,150

A Perfect Crime Using Bots

The scariest thing about bot markets is that they make it easy for hackers to exploit their victim’s data. Even a rookie cybercriminal can connect to someone’s Facebook account if they have cookies and digital fingerprints in place, which help them bypass multi-factor authentication.

After logging in to a user’s account, a cybercriminal can try contacting people on a victim’s friends list and send malicious links or ask for a money transfer. They can also post fake information on the victim’s social media feed.

“Some tactics are even simpler. A hacker can, for example, take control of a victim’s Steam account by changing the password. Steam accounts are sold for up to $6,000 per account and can be easy money for a criminal,” says Adrianus Warmenhoven.

More sophisticated criminals buy this information and target businesses with phishing attacks, trying to impersonate the company’s employees.

“To protect yourself, use an antivirus at all times. Other measures that could help – a password manager and file encryptions tools to make sure that even if a criminal infects your device, there is very little for them to steal,” adds Adrianus Warmenhoven.

Researchers analyzed three major bot markets: the Genesis Market, the Russian Market, and 2Easy. All of the markets were active and accessible on the surface web at the time of analysis. The data on bot markets was compiled in partnership with independent third-party researchers specializing in cybersecurity incident research.

The most popular types of malware that steal data are RedLine, Vidar, Racoon, Taurus, and AZORult.

The full methodology, together with more information about the three analyzed markets, can be found here: https://nordvpn.com/research-lab/bot-markets/

You can learn more about how bot markets work by watching this video: https://youtu.be/dAyl1xBgTUg

About the author

avatar

NordVPN

NordVPN is the world’s most advanced VPN service provider, used by millions of internet users worldwide. NordVPN provides double VPN encryption and Onion Over VPN and guarantees privacy with zero tracking. One of the key features of the product is Threat Protection, which blocks malicious websites, malware, trackers, and ads. NordVPN is very user friendly, offers one of the best prices on the market, and has over 5,000 servers in 60 countries worldwide. For more information: nordvpn.com.