This unreported trojan managed to steal 1.2 TB of personal data

Trojan remain undetected for two years while infecting over 3m computers

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A malicioustrojanthat want unreported has managed to steal 1.2TB of personal data including passwords, cookies and files from unsuspecting users online.

Security experts fromNordLockeralong with third-party researchers analyzed statistical data from 3.25m computers runningWindows 10that were infected to compile anew studyon the unreported trojan and the malware behind it.

The 1.2TB of data stolen from the trojan was discovered in a database that includes billions of personal records and dates back to 2018-2020. To distribute theirmalware, cybercriminals uses malicious email attachments and illegal software.

The malware was successfully able to steal 26m credentials from around 1m different websites. It stole credentials fromsocial media sitesincluding Facebook (1.5m), Twitter (261k), and Instagram (153k),email service providersincludingGoogle(1.5m), Outlook (403k) and Yahoo (224m) as well asstreaming servicesincluding Netflix (170k), Twitch (106k) and Spotify (61k).

Stolen cookies, files and data

Among the 1.2TB of data, NordLocker’s analysts found more than 2bn cookies and surprisingly, 22 percent of them were valid on the day of the discovery. The majority of thesestolen cookiescame AliExpress (4.8m),Steam(2m), MediaFire (3.2m), Facebook (8m) andYouTube(17.1m).

In addition to helping some websites operate, cookies can also be used by cybercriminals to create a fairly accurate picture of a website visitor including their location, browsing history, habits and interests. Stolen cookies can then be used to impersonate a victim and even potentially to gain access to their online accounts.

The malware also stole over 6.6m files stored on the desktops and Downloads folders of victims including text files, image files and other documents. Cybersecurity expert at NordLocker, Oliver Noble explained how consumers are getting smarter when it comes to protecting themselves online though there is still work to be done, saying:

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“On average, the malware stole only 2 files from each computer. This indicates that users are getting smarter and more security-focused, which means they keep important information in the cloud or somewhere else to conceal it from prying eyes. However, we also found that some people still store confidential documents, photocopies of passports, and even passwords written down in Notepad on their desktop, thus risking the exposure of their most sensitive data.”

In order to avoid falling victim to this trojan and other malware like it, users should installantivirus softwareon their Windows machines, usemalware removal softwareto deal with viruses, keep a backup of their most important files in theircloud storageand avoid opening attachments from unknown senders as well as illegally downloading software online.

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

This dangerous new malware is hitting Windows devices by hiding in games

Windows PCs targeted by new malware hitting a vulnerable driver

Steps to take when your phone number is publicly listed online