Latest news with #infostealer


Forbes
3 days ago
Hackers Pay $30 To Steal Passwords From Chrome, Edge, Brave And Firefox
The shockingly low cost of password hacking exposed.

A new hacking tool is proving popular with password hackers for very good reason: it provides everything they need to go on a browser-based credentials hunt for what is, all things considered, a bargain basement price. It's not only your passwords they can steal, but a whole bunch of other stuff as well: cryptocurrency keys, private messaging tokens and browser session data, for example.

Password Hackers Can Use The Katz Infostealer Service For As Little As $30 Per Month

Microsoft has given users of its Authenticator app until August 1 to save their passwords as it looks to switch users to its Edge browser. The same tech giant, along with others such as Google, is also trying to get users to switch to passkey technology en masse. This is hardly surprising given that passwords are so insecure, and attackers look to exploit them at every turn. While I can support the change to passkeys, I'm not so sure about moving passwords from dedicated password management apps to web browsers. If you want to know why, look no further than the newly published analysis of the Katz infostealer malware-as-a-service threat.

Jim Walter knows more than a thing or two about the revolving trend and tactics employed by cybercriminals. As a senior threat researcher with SentinelOne, specializing in uncovering and analyzing emerging cybercrime services, Walter has just published an in-depth look at the Katz password hacking threat. Launched earlier this year, Katz Stealer is described by Walter as a feature-rich infostealer that has quickly gained attention within password hacking circles. Marketed through all the usual cybercrime forums, and on the surface through groups on networks such as Discord and Telegram, Katz is packed to the gills with credential and data theft capabilities, alongside an impressive suite of detection-evading features.

'The turnkey nature of the Katz Stealer service, along with accessible pricing,' Walter said, 'has led to rapid adoption by threat actors across the spectrum of capability.'

Low Cost Of Entry For Password Hackers

Ah, yes, the pricing. Remember, this is password theft as a service, so hackers have to pay for the privilege of using Katz, but the payouts are obviously well worth the relatively small investment. With prices starting at $50 per month, this drops to as low as $30 for a 12-month commitment.

[Figure: The low cost of Katz Stealer rental revealed.]

For this, threat actors get access to a web-based management panel, which also operates as the back-end for the infostealer, so that exfiltrated data can be processed and searched.

[Figure: Katz Stealer management panel.]

'The infostealer can harvest data from all commonly used web browsers,' Walter said, including Chrome, Edge, Brave, Firefox and various Chromium/Gecko-offshoots. 'Saved passwords, login session cookies, saved session tokens, autofill data (including stored credit card CVV data) are all targeted.' Walter also warned that despite Google introducing application-bound encryption to Chromium in 2024, which effectively 'ties the decryption of stored passwords and cookies to the logged-in OS user,' the Katz Stealer can bypass this by 'programmatically masquerading as the browser once injected.'

I have approached Brave, Google, Microsoft and Mozilla for a statement. In the meantime, I would recommend taking note that Walter concluded that 'Katz Stealer still relies on social engineering and user interaction to enable a successful compromise.' You know what to do then; be careful out there, don't fall for those social engineering tricks and don't click on things when you cannot be 100% sure where they lead. The password hackers are relying upon you not to follow this advice.


Tahawul Tech
25-06-2025
Protect your login credentials with these tips from Kaspersky
In light of a recent data breach reported by Cybernews that saw 16 billion records exposed, Kaspersky has weighed in.

Kaspersky telemetry shows a 21% growth in password stealer attack detections globally from 2023 to 2024. Infostealer malware has become one of the most pervasive cyber threats, targeting millions of devices worldwide and compromising sensitive personal and corporate data. These malicious programs are designed to extract credentials, cookies, and other valuable information, which is then aggregated into log files and circulated on the dark web.

'16 billion records is a figure nearly double the Earth's population, and it's hard to believe such a vast amount of information could be exposed. This 'leak' refers to a compilation of 30 user data breaches from various sources. These data sets ('logs') are primarily obtained by cybercriminals through infostealers — malicious applications that steal information — and such incidents occur daily. Cybernews researchers collected this data over six months from the start of the year. Their dataset likely contains duplicates due to the persistent issue of password reuse among users. Therefore, although it was noted that none of the databases they found had been previously reported, this doesn't mean these credentials hadn't previously leaked from other services or been collected by other infostealers. This significantly reduces the potential number of unique and new user data in this collection, though determining an exact or even approximate figure is challenging without detailed analysis', comments Alexandra Fedosimova, Digital Footprint Analyst at Kaspersky.

'Cybernews research speaks of an aggregation of several data leaks over a long period – since the start of the year. This is a reflection of a thriving cybercrime economy that has industrialised credential theft. What we're seeing is part of a well-established cybercriminal market, where credentials are harvested via infostealers, phishing campaigns, and other malware, then collected, enriched, and resold — often multiple times. These so-called 'combo lists' are continuously updated, repackaged, and monetized by various actors on the dark web — and now increasingly on publicly accessible platforms', comments Dmitry Galov, Head of Kaspersky Global Research and Analysis Team (GReAT) for Russia and CIS. 'What's notable in this case is not the fact of a large-scale breach – or several breaches – on its own, but that Cybernews claims that the datasets were temporarily publicly exposed through unsecured channels, making them accessible to anyone who happened to find them'.

'This news is a good reminder to focus on digital hygiene and give an audit to all of your digital accounts. Regularly update your passwords and activate two-factor authentication (2FA) if it's not already enabled. If attackers have already gained access to your accounts, reach out to technical support right away to regain control and assess what other data might have been exposed. Use a reliable password manager, such as Kaspersky Password Manager, to securely store your credentials', comments Anna Larkina, Web Content Analysis Expert at Kaspersky. 'Users should also stay vigilant against social engineering scams, as fraudsters may use leaked details in multiple activities'.


Yahoo
22-06-2025
Urgent alarm issued after 'mother of all data breaches' sees 16 billion passwords exposed — do this ASAP
A staggering 16 billion login credentials — including usernames, emails, and passwords for Apple, Google, Facebook and more — have been leaked online, shocking cybersecurity researchers. The data even contained the credentials of government officials, posing security concerns.

The compromised data was scraped from over 30 databases since the start of 2025 and likely stems from malicious 'infostealer' software designed to extract sensitive information from victims' devices, a report published by Cybernews reveals. The leaked credentials span nearly every type of online service imaginable, from social media and email accounts to VPNs and developer platforms. "No stone was left unturned," the report warns.

This breach isn't just about stolen email addresses, it's about what cybercriminals can do with your full login credentials — especially if you tend to use the same passwords across your different accounts. Once hackers get your email and password combo, they can launch a range of attacks, including:

- Credential stuffing: Hackers try your login across banking, streaming, shopping, or investment sites. If you reuse passwords, they could gain access to your most sensitive accounts.
- Phishing and social engineering: With access to personal details or email accounts, scammers can send convincing fake messages or impersonate you to friends, coworkers, or customer service agents.
- Identity theft: Stolen credentials can be used to open credit cards, apply for loans, or take over government benefit accounts in your name.
- Access to 2FA and backups: If hackers get into your email, they may intercept security codes, password reset links, or even gain access to your cloud storage and documents.

Google, Facebook, Netflix, Apple, LinkedIn, Dropbox and PayPal are among the slew of accounts with data compromised, meaning nearly every kind of online identity is at risk. Even worse: many of the stolen credentials are in plain text, making them incredibly easy to exploit with automated tools. While the current combination of credential data is new, some of the data could also be from previous data breaches, including a database containing 184 million records discovered back in May of this year.

With billions of passwords out in the wild, here's how to stay one step ahead of hackers:

- Change your passwords — especially for email, banking and shopping accounts. If you reuse passwords, it's time to break the habit.
- Turn on 2FA — that's two-factor authentication. It adds a second layer of defense, and it's free on most platforms.
- Use a password manager — stop relying on your memory (or sticky notes). Let an encrypted vault generate strong passwords for you. This makes it easier to change your password frequently, too.
- Watch your inbox — phishing scams tend to spike after big breaches. Don't click suspicious links, even if they look legit.

Most importantly, monitor any financial accounts you have closely. Think PayPal, bank accounts and credit cards etc. Check your statements and even pull a credit report from Equifax, Experian or TransUnion.

'This is the mother of all data breaches,' Ed Peters, CEO of Data Discovery Sciences, said to NBC 5 DFW. 'We tend to think of a lone hacker going and stealing your data. That's not the case.'

With cybercriminals sitting on a dragon's hoard of credentials, experts say the risks of account takeovers, phishing and fraud are higher than ever. Don't wait for a 'suspicious activity' email — lock it down now.


The Verge
22-06-2025
About that '16 billion passwords' data breach.
Posted Jun 22, 2025 at 5:08 PM UTC

The original source of the report, Cybernews, says that since the start of the year, its researchers have 'discovered 30 exposed datasets containing from tens of millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records.' This isn't a breach of one company or another's systems, but compiled records, with some believed to be from 'infostealer' malware, as well as previous leaks.

As Bleeping Computer points out, what you should be doing hasn't changed: using unique passwords with a password manager, enabling two-factor authentication, and adding other forms of security like passkeys and security keys that can replace passwords altogether.


Daily Mail
20-06-2025
Apple and Google passwords exposed
Cybersecurity researchers have uncovered what they are calling the 'mother of all breaches.' They discovered a massive collection of 30 databases containing more than 16 billion individual records, including passwords, for government accounts, Apple, Google, Facebook, Telegram and more websites.

Some of the datasets had vague names like 'logins' or 'credentials,' which made it hard for the team to figure out exactly what they contained. Others, however, gave clues about where the data came from. According to the researchers, the records were most likely compiled by cybercriminals using various infostealing malware, though they noted that some data may also have been collected by so-called 'white hat' hackers.

The team at Cybernews, which found the records, said the information was available to the wider internet only briefly before being locked down, but it is not possible to determine who owned the databases. With more than 5.5 billion people worldwide using the internet, researchers warned that a staggering number of individuals likely had at least some of their accounts compromised. They are now urging users across the globe to change their passwords immediately to protect their data from falling into the hands of cybercriminals.

'The inclusion of both old and recent infostealer logs makes this data particularly dangerous for organizations lacking multi-factor authentication or credential hygiene practices,' the researchers said.

Cybernews noted that its researchers identified a database of 184 million records that was previously uncovered in May, found by data breach hunter and security researcher Jeremiah Fowler. 'It barely scratches the top 20 of what the team discovered,' Cybernews explained. 'Most worryingly, researchers claim new massive datasets emerge every few weeks, signaling how prevalent infostealer malware truly is.'

The database of 184 million records not only contained secure login data for millions of private citizens, but also had stolen account information connected to multiple governments around the world. While looking at a small sample of 10,000 of these stolen accounts, Fowler found 220 email addresses with .gov domains, linking them to more than 29 countries, including the US, UK, Australia, Canada, China, India, Israel, and Saudi Arabia.

'This is probably one of the weirdest ones I've found in many years,' Fowler told WIRED. 'As far as the risk factor here, this is way bigger than most of the stuff I find, because this is direct access into individual accounts. This is a cybercriminal's dream working list,' the cybersecurity expert continued.

In total, Fowler discovered 47 gigabytes of data with sensitive information for accounts on various sites, including Instagram, Microsoft, Netflix, PayPal, Roblox, and Discord. The best action to take right now is to change your passwords if you use any of these platforms and also activate Two-Factor Authentication, which adds another layer of security to logging in by sending a secure code to your phone or email.

The unprotected database was managed by World Host Group, a web hosting and domain name provider founded in 2019. It operates over 20 brands globally, offering cloud hosting, domain services, and technical support for businesses of all sizes. Once Fowler confirmed that the exposed information was genuine, he reported the breach to World Host Group, which shut down access to the database. Seb de Lemos, CEO of World Host Group, told WIRED: 'It appears a fraudulent user signed up and uploaded illegal content to their server.'

Fowler said 'the only thing that makes sense' is that the breach was the work of a cybercriminal because there's no other way to gain that much access to information from so many servers around the world. The cybersecurity expert warned that this particular breach also poses a major national security risk. Exploiting government email accounts could allow hackers and foreign agents access to sensitive or even top-secret systems. The stolen data could also be used as part of a larger phishing campaign, using one person's hacked account to gain private information from other potential victims.