Security researchers have discovered over 140,000 breached passwords associated with accounts on hacking forums after their owners were infected with info-stealing malware.
Hudson Rock trawled its cybercrime intelligence database for infected computers with credentials associated with the top 100 cybercrime sites. It found 120,000 such computers, claiming many of these belonged to hackers.
When a machine is infected with info-stealing malware, a “substantial” amount of data can be retrieved which helps to unmask the owner, including emails and account usernames, auto-fill data containing personal information like addresses and phone numbers, and system information like IP addresses, the security firm explained.
“Info-stealer infections as a cybercrime trend surged by an incredible 6000% since 2018, positioning them as the primary initial attack vector used by threat actors to infiltrate organizations and execute cyber-attacks, including ransomware, data breaches, account overtakes, and corporate espionage,” it added.
Most of the info-stealer malware found during the research was Redline, followed by Raccoon and Azorult. Those exposed in the research mainly hailed from Tunisia, followed by Malaysia, Belgium, the Netherlands and Israel.
The cybercrime forum with the most exposed infected users was “Nulled.to,” followed by “Cracked.io” and “Hackforums.net.”
Interestingly, the research team discovered that most of the credentials used on the hacking sites were stronger than those used even on government and military sites.
“By analyzing passwords of users from the various forums, Hudson Rock determined that the forum with the strongest user passwords is Breached.to, while the one with the weakest user passwords is the Russian site Rf-cheats.ru,” the vendor added.
Usernames and passwords are routinely found in large numbers circulating on the cybercrime underground. In 2021, SpyCloud discovered nearly 1.5 billion breached log-in combos circulating online and billions more pieces of personal information (PII).
For users with more than one password exposed, SpyCloud found that 60% of credentials were reused across multiple accounts, rising to 87% for US .gov emails – exposing them to credential stuffing and other brute force tactics.