Unreported Trojan stole 1,2 TB of personal data

Issue 3 2021 Editor's Choice

A new study by NordLocker in partnership with third-party researchers has analysed statistical data gathered from 3,25 million Windows-based computers worldwide infected with a malicious Trojan. The recently discovered database hosts 1,2 TB of stolen information, including billions of personal records like passwords, cookies and files that date back to 2018. Around 22% of stolen cookies were valid on the day of the discovery.

“This Trojan is just the tip of the iceberg, as unaware users are exposed to thousands of types of malware every day. The latest statistics indicate that, in 2020, over 111 million malware infections affected devices running on the Windows operating system,” says Oliver Noble, a cybersecurity expert at NordLocker. “Our case study digs deeper into malware to illustrate how bad actors operate and what damage computer viruses can actually cause.”

To present the alarming findings, the researchers shared depersonalised data stolen by the malware with NordLocker analysts, who then categorised the most valuable information into four large types: credentials, cookies, files and software data.


The unnamed malware, which was transmitted via email attachments and illegal software, successfully stole around 26 million credentials from around 1 million different websites. The most affected services were social media websites, such as Facebook (1,5 million of stolen credentials), Twitter (261 773), and Instagram (153 754), email service providers, namely Google (1,5 million), Outlook (403 580), and Yahoo (224 961), and streaming websites like Netflix (170 067), Twitch (106 690), and Spotify (61 349).

“Stolen credentials, i.e. a username or an email accompanied by a password, can wreak havoc not only on your social media. Imagine hackers getting their hands on your private emails, financial services and even online shopping accounts, which usually contain your credit card details,” warns Oliver Noble.


Among the staggering amount of stolen data, NordLocker analysts found more than 2 billion cookies, 22% of which were valid on the day of the discovery. The majority of stolen cookies come from online marketplaces like AliExpress (4,8 million of stolen cookies), online gaming platforms like Steam (2 million), file hosting and sharing services like MediaFire (3,2 million), social media like Facebook (8 million), and video streaming services like YouTube (17,1 million).

Cookies are essential for some websites to operate, but they can also help hackers construct a pretty accurate picture of a website visitor, including their location, browsing history, habits and interests. If a cookie gets hijacked, a cybercriminal might impersonate a victim and even gain unauthorised access to their online accounts.

“Even though hackers won’t be able to empty your bank account with the cookies stolen from your online banking session, they can learn your bank’s name and timestamps of your transactions. This information can be used in phishing scams where hackers might try to contact you pretending to be the bank’s representative and trick you into giving away your personally identifiable information,” Noble explains.


The malware stole over 6,6 million files the affected users stored on their desktops and in the Downloads folder. Of those files, 50% are text files, while over 16% are image files like .png and .jpg, and around 10,5% of all stolen files are of .doc, .docx and .pdf type.

“On average, the malware stole only two files from each computer. This indicates that users are getting smarter and more security-focused, which means they keep important information in the cloud or somewhere else to conceal it from prying eyes,” says the cybersecurity expert at NordLocker. “However, we also found that some people still store confidential documents, photocopies of passports and even passwords written down in Notepad on their desktop, thus risking the exposure of their most sensitive data.”

Software data

The analysed database also contains autofill data and payment information from 48 applications. NordLocker’s study shows that the malware targeted apps, mostly web browsers, to steal the vast majority of data. It also extracted data from messaging apps, email providers, as well as file-sharing and gaming clients. For example, the virus stole 19,4 million credentials (an email or username together with a password) from Google Chrome, 3,3 million credentials from Mozilla Firefox and 2 million from Opera. There are also thousands of credentials stolen from big names like Torch, Brave, Vivaldi and Yandex.

“This piece of data should be very alarming to people who use the autofill feature in their browser. Although this functionality is very convenient and saves time, it comes with great security risks as it’s not malware-proof. Stolen credentials enable hackers to log in to your online accounts and access your personal information. And it might take you a while to notice suspicious activities that indicate your data was breached,” Noble claims.

“For every malware that gets worldwide recognition and coverage, there are thousands of smaller yet very efficient custom viruses. These are nameless pieces of malicious code that are compiled and sold on online forums and in private chats for as little as $100,” Noble explains. “Our malware case study shows only a small part of the information that is stolen by malware every day. Therefore, users need to stay alert and take precautions to protect their personal computers and everything on them."

* Install antivirus software. Despite some limitations when it comes to new types of malware, antivirus software is still one of the most reliable tools protecting your system.

* Learn to identify phishing emails. Don’t download suspicious attachments or click on suspect links within an email. Always verify the sender and the contents before clicking anything inside.

* Use a password manager to help you generate complex and unique passwords and store them in a safe vault.

* Use multi-factor authentication where possible for an extra layer of protection.

* Download software only from reputable sources. Malware is often distributed through illegal programs, so make sure to only use legal software that you acquired from official brands and websites.

* Encrypt sensitive files stored on your computer and in the cloud. There’re easy-to-use file encryption tools that turn your information into uncrackable codes that even skilled hackers can’t read without your permission.

* Store your files in an encrypted cloud. In many cases, an end-to-end encrypted cloud is the ultimate security tool. It protects your data from malware and provides a backup in case of loss or if your system is infected with ransomware.

Note: NordLocker reported the findings to US-CERT and the cloud storage provider, which has taken the open database down.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

SMART Estate Security returns to KZN
Nemtek Electric Fencing Products Technews Publishing Axis Communications SA OneSpace Editor's Choice News & Events Integrated Solutions IoT & Automation
The second SMART Estate Security Conference of 2024 was held in May in KwaZulu-Natal at the Mount Edgecombe Estate Conference Centre, which is located on the Estate’s pristine golf course.

Creating employment through entrepreneurship
Technews Publishing Marathon Consulting Editor's Choice Integrated Solutions Residential Estate (Industry)
Eduardo Takacs’s journey is a testament to bona fide entrepreneurial resilience, making him stand out in a country desperate for resilient businesses in the small and medium enterprise space that can create employment opportunities.

2024 Southern Africa OSPAs winners announced
Editor's Choice
The 2024 Southern Africa Outstanding Security Performance Awards (OSPAs) winners were revealed on Tuesday, June 11th, at the Securex South Africa Seminar Theatre hosted by SMART Security Solutions.

Resident management app shows significant growth
Editor's Choice
My Estate Life is a mobile app for residents and managers in housing estates and buildings. Its core aim is to be an easy gateway for residents to manage visitors and staff, and to communicate and administer general property in a simple interface.

Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

The future of digital identity in South Africa
Editor's Choice Access Control & Identity Management
When it comes to accessing essential services, such as national medical care, grants and the ability to vote in elections to shape national policy, a valid identity document is critical.

Do you need a virtual CIO?
Editor's Choice News & Events Infrastructure
If you have a CIO, rest assured that your competitors have noticed and will come knocking on their door sooner or later. A Virtual CIO service is a compelling solution for businesses navigating tough economic conditions.

AI-enabled tools reducing time to value and enhancing application security
Editor's Choice
Next-generation AI tools are adding new layers of intelligent testing, audit, security, and assurance to the application development lifecycle, reducing risk, and improving time to value while augmenting the overall security posture.

Perspectives on personal care monitoring and smart surveillance
Leaderware Editor's Choice Surveillance Smart Home Automation IoT & Automation
Dr Craig Donald believes smart surveillance offers a range of options for monitoring loved ones, but making the right choice is not always as simple as selecting the latest technology.