120k Hacking Forum Account Credentials Stolen by Info-Stealers
In a new analysis, cybersecurity firm Hudson Rock found that info-stealer malware had harvested hacking forum credentials from roughly 120,000 infected computers.
Researchers checked one hundred prominent cybercrime forums against the company's intelligence database, which holds data from more than 14.5 million machines infected by information-stealing malware, and found that 120,000 of those infected computers held credentials for these sites.
The data taken from these compromised machines goes well beyond the forum logins themselves. Information stealers are malware that infiltrate a system and extract whatever sensitive data is stored on it, so each infected machine yields a bundle of personal details. Researchers found that the compromised data included secondary credentials (such as additional email addresses and usernames), auto-fill data such as names and addresses, and system information such as IP addresses and computer names. Taken together, this data could allow threat actors to uncover the real identities of the affected users.
Alon Gal, CTO of Hudson Rock, explained the tactics used by threat actors looking to pilfer credentials while speaking with BleepingComputer: "Hackers around the world infect computers opportunistically by promoting results for fake software or through YouTube tutorials directing victims to download infected software." Among those infected are other hackers, usually those less skilled and more likely to fall for scams.
Among the affected forums, the notorious "Nulled.to" was the most widely affected, with over 57,000 compromised users. "Cracked.io" and "Hackforums.net" followed closely behind. The analysis also found that the passwords used for cybercrime forums were stronger than those used for government websites.
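To make concrete what the article describes, both the way stealer data from one machine lets a forum handle be tied to other identities and the per-forum counts above, here is an added example that is not code from the article or from Hudson Rock. It parses constructed, fictitious stealer-log records in a simplified tab-separated layout (an invented approximation, not any real stealer's output format), groups them by infected machine, and for every machine holding forum credentials collects the secondary identities, password reuse and autofill/system data found beside them. The `likely_identifiable` flag is a heuristic of this example, not a Hudson Rock method.

```python
"""
Added example, not code from the article or from Hudson Rock: cross-reference
constructed info-stealer log records to show how forum logins on an infected
machine sit beside other credentials, autofill data and system details, and
how that exposure rolls up to a per-forum count. The record layout is a
simplified, invented approximation and not any real stealer's output format.
"""
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample credential records: machine_id, url, username, password
# separated by tabs. Hosts, handles and identities are fictitious.
SAMPLE_CREDS = """\
PC-01\thttps://nulled.to/login\tdarkcoder99\tP@ssw0rd!2023
PC-01\thttps://mail.example.com/\tjohn.smith@example.com\tsummer2019
PC-02\thttps://cracked.io/login\tzeroday_kid\tqwerty123
PC-02\thttps://www.hackforums.net/member.php\tzeroday_kid\tqwerty123
PC-03\thttps://shop.example.org/account\talice\thunter2
"""

# Constructed autofill and system data keyed by machine id.
SAMPLE_AUTOFILL = {
    "PC-01": {"name": "John Smith", "city": "Example City",
              "ip": "203.0.113.7", "host": "JOHN-DESKTOP"},
    "PC-02": {"ip": "198.51.100.4", "host": "GAMING-RIG"},
    "PC-03": {"name": "Alice Example", "ip": "192.0.2.9", "host": "ALICE-PC"},
}

# Forums named in the article; matched on the URL's host.
FORUM_DOMAINS = {"nulled.to", "cracked.io", "hackforums.net"}


def parse_creds(text):
    """Parse tab-separated records into dicts with a normalised domain."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        machine, url, user, password = line.split("\t", 3)
        host = (urlparse(url).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        records.append({"machine": machine, "domain": host,
                        "user": user, "password": password})
    return records


def forum_exposures(records, autofill, forum_domains=FORUM_DOMAINS):
    """For each machine holding forum credentials, gather the data that
    could be used to link the forum handle to a person."""
    by_machine = defaultdict(list)
    for rec in records:
        by_machine[rec["machine"]].append(rec)

    exposures = {}
    for machine, recs in by_machine.items():
        forum = [r for r in recs if r["domain"] in forum_domains]
        if not forum:
            continue
        others = [r for r in recs if r["domain"] not in forum_domains]
        # Secondary credentials: usernames/emails for non-forum sites on the same box.
        secondary = sorted({r["user"] for r in others})
        # Password reuse: any password shared by two or more domains on this machine.
        domains_by_pw = defaultdict(set)
        for r in recs:
            domains_by_pw[r["password"]].add(r["domain"])
        reused_on = sorted({d for doms in domains_by_pw.values()
                            if len(doms) > 1 for d in doms})
        system = autofill.get(machine, {})
        exposures[machine] = {
            "forum_accounts": sorted((r["domain"], r["user"]) for r in forum),
            "secondary_identities": secondary,
            "reused_passwords_on": reused_on,
            "system": system,
            # Heuristic (assumption of this example): an email/username elsewhere
            # or an autofill name is enough to start tying the handle to a person.
            "likely_identifiable": bool(secondary) or "name" in system,
        }
    return exposures


def count_by_forum(exposures):
    """Number of infected machines holding credentials for each forum."""
    counts = defaultdict(int)
    for exp in exposures.values():
        for domain in {d for d, _ in exp["forum_accounts"]}:
            counts[domain] += 1
    return dict(counts)


if __name__ == "__main__":
    exp = forum_exposures(parse_creds(SAMPLE_CREDS), SAMPLE_AUTOFILL)
    for machine, info in exp.items():
        print(machine, info)
    print(count_by_forum(exp))
```

On the constructed data, PC-01's forum handle sits next to a personal email address and an autofill name, so it is flagged as identifiable, while PC-02 only shows the same password reused across two forums and no name. Counting per forum rather than per credential line is what keeps a user with several accounts on one forum from being counted twice, which is the same unit (infected machines) the article's figures use.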
The prevalence of information-stealer infections has skyrocketed over the years, surging 6,000% since 2018. They are currently the primary avenue for threat actors seeking to infiltrate organizations and launch cyberattacks, including ransomware attacks, data breaches, account takeovers, and corporate espionage.