Bot malware could be the next big security risk for you to worry about
Tactic can be used to steal entire user profiles in a swipe
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Botmalware, where incidents automated malicious code capable of exfiltrating entire user profiles from target endpoints, are on the rise, a new report from NordVPN has warned.
The company’s research claims that the data of five million people has been stolen by bot malware since 2018, covering 26.6 million usernames andpasswords, including almost a millionGooglecredentials, and more than a millionMicrosoftand Facebook logins combined.
Bot malware is more dangerous than your average malware, because by stealing entire user profiles, they enable the operators to bypass multi-factor authentication protection.
Bypassing MFA
“When a criminal hacks a password, they cannot complete the identity authentication if the user has MFA enabled. However, if a criminal obtains their victim’s cookies and device configuration information, they can trick the security systems and avoid MFA activation. Because bot malware provides criminals with the entire digital identity of their victims — it presents a brand new set of risks,” said Adrianus Warmenhoven, cybersecurity advisor at NordVPN.
This new Linux malware floods machines with cryptominers and DDoS bots>Millions of people have had their data sold on bot markets>Check out the best endpoint protection services right now
What makes these attacks even more dangerous is the fact that the barrier for entry is quite low. Even unskilled hackers can use these user profiles to log into people’s accounts and use them for various nefarious purposes.
For example, they can steal people’s Facebook accounts and impersonate them to ask for money, deliver malware, or promote dangerous and fake narratives. They can even use the obtained information to target businesses with phishing emails, the researchers concluded.
What’s more, they don’t even need to deliver the bot malware to target endpoints themselves. They can simply purchase the data on the dark web. The average price for a single person’s dataset is roughly $6, it was said.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“To protect yourself, use an antivirus at all times. Other measures that could help – a password manager and file encryptions tools to make sure that even if a criminal infects your device, there is very little for them to steal,” adds Adrianus Warmenhoven.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new malware utilizes a rare programming language to evade traditional detection methods
A new form of macOS malware is being used by devious North Korean hackers
I fell in love with the cute and compact Hyundai Inster, but it has one major drawback
