Bot malware, where incidents automated malicious code capable of exfiltrating entire user profiles from target endpoints, are on the rise, a new report from NordVPN has warned.
The company’s research claims that the data of five million people has been stolen by bot malware since 2018, covering 26.6 million usernames and passwords, including almost a million Google credentials, and more than a million Microsoft and Facebook logins combined.
Bot malware is more dangerous than your average malware, because by stealing entire user profiles, they enable the operators to bypass multi-factor authentication protection.
Bypassing MFA
“When a criminal hacks a password, they cannot complete the identity authentication if the user has MFA enabled. However, if a criminal obtains their victim’s cookies and device configuration information, they can trick the security systems and avoid MFA activation. Because bot malware provides criminals with the entire digital identity of their victims — it presents a brand new set of risks,” said Adrianus Warmenhoven, cybersecurity advisor at NordVPN.
What makes these attacks even more dangerous is the fact that the barrier for entry is quite low. Even unskilled hackers can use these user profiles to log into people’s accounts and use them for various nefarious purposes.
For example, they can steal people’s Facebook accounts and impersonate them to ask for money, deliver malware, or promote dangerous and fake narratives. They can even use the obtained information to target businesses with phishing emails, the researchers concluded.
What’s more, they don’t even need to deliver the bot malware to target endpoints themselves. They can simply purchase the data on the dark web. The average price for a single person’s dataset is roughly $6, it was said.
“To protect yourself, use an antivirus at all times. Other measures that could help – a password manager and file encryptions tools to make sure that even if a criminal infects your device, there is very little for them to steal,” adds Adrianus Warmenhoven.
