Malicious bots, automated malicious code capable of exfiltrating entire user profiles from targeted endpoints, are on the rise, a new NordVPN report warns.
The company’s research shows that since 2018, the malware has stolen the data of five million people, covering 26.6 million usernames and passwords, including nearly a million Google credentials and over a million Microsoft and Facebook logins combined.
Bot malware is more dangerous than average malware because, by stealing entire user profiles, it allows its operators to bypass multi-factor authentication (MFA) protection.
Bypassing MFA
“When a criminal cracks a password, they cannot complete identity authentication if the user has MFA enabled. However, if a criminal obtains cookies and device configuration information from his victim, he can trick security systems and avoid MFA activation. Because bot malware provides criminals with the full digital identity of their victims, it presents a whole new set of threats,” said Adrianus Warmenhoven, Cybersecurity Advisor at NordVPN.
What makes these attacks even more dangerous is the fact that the barrier to entry is quite low. Even unskilled hackers can use these user profiles to log into other people’s accounts and use them for various nefarious purposes.
For example, they can steal people’s Facebook accounts and impersonate them to ask for money, deliver malware, or promote dangerous and false narratives. The researchers concluded that attackers could even use the stolen information to target companies with phishing emails.
What’s more, attackers don’t even have to deliver the bot malware to the targeted endpoints themselves. They can just buy the data on the dark web. The average price for a single person’s dataset is said to be around $6.
“To protect yourself, always use an antivirus. Other measures that can help – a password manager and file encryption tools to make sure that even if a criminal does infect your device, they won’t have much to steal,” adds Adrianus Warmenhoven.