Latest news with #infostealers
Yahoo
06-07-2025
- Business
- Yahoo
A Modern-Day Plague: Infostealers Expose Billions Of Log-In Credentials, Compromising Digital Safety
Some 30 datasets, filled with 16 billion login credentials that had been stolen by cybercriminals from platforms like Apple, Google, and Facebook, have been found on the dark web, Cybernews reported last week.
"This is not just a leak – it's a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing. What's especially concerning is the structure and recency of these datasets – these aren't just old breaches being recycled. This is fresh, weaponizable intelligence at scale," Cybernews' researchers said.
Following the release of that information, experts are warning CNBC that infostealers — a form of malware that extracts sensitive information from personal devices — are becoming a modern-day plague.
Co-founder of the cybersecurity consultancy Security Discovery, Volodymyr Diachenko, worked on the Cybernews discoveries. He told CNBC that infostealers have become so pervasive that, "Someone, somewhere, is having data exfiltrated from their machines as we speak."
Not all of the data included in the logins was fully original, Diachenko says. Large portions of it were likely outdated or duplicates, but it still provides much-needed perspective on just how much of our supposedly private information is circulating on the web.
Palo Alto Networks' (NASDAQ:PANW) president of Asia-Pacific and Japan, Simon Green, also told CNBC the Cybernews findings are alarming but not totally unexpected.
"Many modern infostealers are designed with advanced evasion techniques, allowing them to bypass traditional, signature-based security controls, making them harder to detect and stop," he said.
According to these experts, there has been a significant uptick in major infostealer attacks thanks to underground markets that provide this malware. Often located on the dark web, these markets supply malicious tools for a fee, and have created demand for cybercriminals to steal the data and then sell it on to scammers.
"Cybercrime-as-a-Service is the critical enabler here. It has fundamentally democratized cybercrime," Green told CNBC. These data breaches now represent a "vast, interconnected web of compromised identities" that can fuel subsequent attacks, he continued.
Vice president of threat research & intelligence at cybersecurity company Arctic Wolf, Ismael Valenzuela, told CNBC that with the increase of malware and internet use, it's safe to assume that most people will come into contact with an infostealer at some point. Frequent password updates and multifactor authentication have become more important than ever, Valenzuela says.


Forbes
30-06-2025
- Forbes
If You See These Messages On Your PC, You're Being Hacked
Do not become a ClickFix victim. There's a new attack 'taking the threat landscape by storm,' and it should have all PC users worried. 'While virtually nonexistent a year ago,' this attack has surged to such an extent in recent months that it's now second only to phishing on the danger list.
We're talking so-called ClickFix attacks, in which you are tricked into hacking your own PC when you follow on-screen instructions to fix a technical issue, open a secure file or website, or prove you're human through a popup CAPTCHA challenge.
The latest warning comes from ESET, which says in its latest Threat Report that these attacks have now 'skyrocketed.' That should maybe be no surprise, given the multiple warnings that have been issued in recent months. But what should come as more of a surprise is that these attacks are still claiming countless victims, despite being so easy to detect and avoid — in theory at least.
ESET warns 'payloads at the end of ClickFix attacks vary widely – from infostealers to ransomware and even to nation-state malware – making this a versatile and formidable threat.' It targets different operating systems, but this is really a Windows PC threat.
ClickFix always works by asking users to copy and paste text into a Run window, thus executing a script. That script can itself be dangerous, but more likely seems benign and actually downloads and runs the malicious script out of sight of the user.
'By the end of 2024,' ESET says, 'attacks using the same social engineering technique flooded the web. Threat actors have been creating fake websites mimicking popular services – such as or Google Meet – compromising legitimate websites with fake browser update prompts, fake Cloudflare verifications or reCAPTCHA checks, and distributing links leading to ClickFix pages via email campaigns.'
The ClickFix attack is just a shop window for multiple threats that will be installed on your device if you fall for that initial lure. 'The list includes popular infostealers such as Lumma Stealer, VidarStealer, StealC, and Danabot; remote access trojans such as VenomRAT, AsyncRAT, and NetSupport RAT; remote monitoring and management tools such as MeshAgent; post-exploitation frameworks such as Havoc and Cobalt Strike; and cryptominers, loaders, clipboard hijackers, and much more.'
If you're not worried yet, then you should be. These attacks are varying rapidly. Hackers are seeking out new lures and testing what works best. The capability is also being farmed out to multiple groups with different malware to deploy. Recent attacks have even 'attempted to deploy Interlock (formerly Rhysida) ransomware.'
If you see a message — however worded — asking you to press the Windows Key + 'R' and then 'Ctrl+V' to paste and then 'Enter,' then your PC is being hacked. Period. Do none of those things. Escape or force exit the program. And then reboot your PC.
If you think you have fallen into a ClickFix trap, run an antivirus scan on your PC and change all key account passwords. You should also check your financial accounts.
Yahoo
21-06-2025
- Yahoo
Why You Should Never Click Old Discord Invite Links
If you've received an invite link to Discord but never used it to join that specific server, don't click through it weeks or months later. As Bleeping Computer reports, hackers have repurposed Discord invite links that have expired or been deleted to deliver malware, including infostealers and keyloggers.
How Discord links are spreading malware
The malware campaign, identified by Check Point Research, capitalizes on a flaw in how Discord handles invite links, which can be temporary or permanent or, for paid servers with Level 3 Boost status, customized. URLs to join regular Discord servers are randomly generated and unlikely to ever repeat, but vanity links—as well as expired temporary invite links and deleted permanent invite links—can be claimed and reused. Discord also allows invite codes with uppercase letters to be recycled in vanity links with lowercase letters while the original is still active.
This means that hackers can redirect users to malicious servers via links originating from legitimate Discord communities. These links are being shared on social media and official community websites.
When a user clicks the stolen link, they land on a Discord server that looks authentic and prompts them to verify their identity to unlock access. The verification link launches a ClickFix web page, which indicates that a (fake) CAPTCHA has failed to load and directs the user to "verify" by manually running a Windows command. This executes a PowerShell script, which downloads and installs the malware.
The payload itself may include malicious programs—like AsyncRAT, Skuld Stealer, and ChromeKatz—that allow keylogging, webcam or microphone access, and infostealing to harvest browser credentials, cookies, passwords, Discord tokens, and/or crypto wallet data.
According to Check Point's analysis, the malware has numerous features that allow it to evade detection by antivirus tools. The report also notes that while Discord took action to mitigate this specific campaign, the risk of similar bots or alternative delivery methods still exists.
How to avoid malicious Discord links
First and foremost, be wary of old Discord invite links, especially those posted on social media or forums weeks or months back. (Temporary invite URLs on Discord can be set to expire within 30 minutes or up to a default of seven days.) Don't click links from users you don't know and trust, and request a new invite rather than relying on an old one.
You should use caution when engaging with verification requests, especially those that prompt you to copy and run manual commands on your device. ClickFix attacks via fake CAPTCHA requests abound, and any verification that tells you to execute a Run command is not legit.
If you run a Discord server, use permanent invite links, which are harder to steal and repurpose than temporary or custom URLs.


The Guardian
21-06-2025
- The Guardian
Internet users advised to change passwords after 16bn logins exposed
Internet users have been told to change their passwords and upgrade their digital security after researchers claimed to have revealed the scale of sensitive information – 16bn login records – potentially available to cybercriminals.
Researchers at Cybernews, an online tech publication, said they had found 30 datasets stuffed with credentials harvested from malicious software known as 'infostealers' and leaks.
The researchers said the datasets were exposed 'only briefly' but amounted to 16bn login records, with an unspecified number of overlapping records – meaning it is difficult to say definitively how many accounts or people have been exposed.
Cybernews said the credentials could open access to services including Facebook, Apple and Google – although there had been no 'centralised data breach' at those companies.
Bob Diachenko, the Ukrainian cybersecurity specialist behind the research, said the datasets had become temporarily available after being poorly stored on remote servers – before being removed again. Diachenko said he was able to download the files and would aim to contact individuals and companies that had been exposed.
'It will take some time of course because it is an enormous amount of data,' he said.
Diachenko said the information he had seen in infostealer logs included login URLs to Apple, Facebook and Google login pages. Apple and Facebook's parent, Meta, have been contacted for comment.
A Google spokesperson said the data reported by Cybernews did not stem from a Google data breach – and recommended people use tools like Google's password manager to protect their accounts.
Internet users are also able to check if their email has been compromised in a data breach by using the website
Cybernews said the information seen in the datasets followed a 'clear structure: URL, followed by login details and a password'.
Diachenko said the data appeared to be '85% infostealers' and about 15% from historical data breaches such as a leak suffered by LinkedIn.
Experts said the research underlined the need to update passwords regularly and adopt tough security measures such as multifactor authentication – or combining a password with another form of verification such as a code texted from a phone. Other recommended measures include passkeys, a password-free method championed by Google and Facebook's owner, Meta.
'While you'd be right to be startled at the huge volume of data exposed in this leak it's important to note that there is no new threat here: this data will have already likely have been in circulation,' said Peter Mackenzie, the director of incident response and readiness at the cybersecurity firm Sophos.
Mackenzie said the research underlined the scale of data that can be accessed by online criminals.
'What we are understanding is the depth of information available to cybercriminals.' He added: 'It is an important reminder to everyone to take proactive steps to update passwords, use a password manager and employ multifactor authentication to avoid credential issues in the future.'
Toby Lewis, the global head of threat analysis at the cybersecurity firm Darktrace, said the data flagged in the research is hard to verify but infostealers – the malware reportedly behind the data theft – are 'very much real and in use by bad actors'.
He said: 'They don't access a user's account but instead scrape information from their browser cookies and metadata. If you're following good practice of using password managers, turning on two-factor authentication and checking suspicious logins, this isn't something you should be greatly worried about.'
Cybernews said none of the datasets have been reported previously barring one revealed in May with 184m records. It described the datasets as a 'blueprint for mass exploitation' including 'account takeover, identity theft, and highly targeted phishing'.
The researchers added: 'The only silver lining here is that all of the datasets were exposed only briefly: long enough for researchers to uncover them, but not long enough to find who was controlling vast amounts of data.'
Alan Woodward, a professor of cybersecurity at Surrey University, said the news was a reminder to carry out 'password spring cleaning'. He added: 'The fact that everything seems to be breached eventually is why there is such a big push for zero trust security measures.'
Yahoo
21-06-2025
- Yahoo
Billions of login credentials have been leaked online, Cybernews researchers say
NEW YORK (AP) — Researchers at cybersecurity outlet Cybernews say that billions of login credentials have been leaked and compiled into datasets online, giving criminals 'unprecedented access' to accounts consumers use each day.
According to a report published this week, Cybernews researchers have recently discovered 30 exposed datasets that each contain a vast amount of login information — amounting to a total of 16 billion compromised credentials. That includes user passwords for a range of popular platforms including Google, Facebook and Apple.
Sixteen billion is roughly double the amount of people on Earth today, signaling that impacted consumers may have had credentials for more than one account leaked. Cybernews notes that there are most certainly duplicates in the data and so 'it's impossible to tell how many people or accounts were actually exposed.'
It's also important to note that the leaked login information doesn't span from a single source, such as one breach targeting a company. Instead, it appears that the data was stolen through multiple events over time, and then compiled and briefly exposed publicly, which is when Cybernews reports that its researchers discovered it.
Various infostealers are most likely the culprit, Cybernews noted. Infostealers are a form of malicious software that breaches a victim's device or systems to take sensitive information.
Many questions remain about these leaked credentials, including whose hands the login credentials are in now. But, as data breaches become more and more common in today's world, experts continue to stress the importance of maintaining key 'cyber hygiene.'
If you're worried about your account data potentially being exposed in a recent breach, the first thing you can do is change your password — and avoid using the same or similar login credentials on multiple sites. If you find it too hard to memorize all your different passwords, consider a password manager or passkey. And also add multifactor authentication, which can serve as a second layer of verification through your phone, email or USB authenticator key.