News : Massive Malware Campaign Steals Everybody's Passwords
Posted by Randy on 2014/7/16 4:34:27

(yahoo.com) - Who, or what, is NightHunter? And what do they — or it — want?

Security researchers discovered last week that for the past five years, a mysterious group has been stealing user credentials from Facebook, Dropbox, Skype, Amazon, LinkedIn, Google, Yahoo, Hotmail, the Indian Web portal Rediff and several banks. Dubbed NightHunter, the campaign appears to have amassed an enormous database of stolen information.

The goals of the attacks remain unclear. NightHunter appears untargeted, simply interested in collecting as many user credentials as possible, according to Santa Clara, California-based security company Cyphort, which discovered and named NightHunter.

The NightHunter campaign involves several different types of keyloggers, including Predator Pain, Limitless and Spyrex. What sets NightHunter apart — and has made it so difficult to trace — is the fact that the keylogging malware relays its captured data back to the criminals in an unusual way: by emailing it.

Most malware communicates with its operators using Web protocols such as HTTP or Internet Relay Chat. But the NightHunter malware uses the email protocol SMTP, which has been around since 1982. SMTP "is outdated and often overlooked, so it can be a more stealthy way of data theft," wrote Cyphort's McEnroe Navaraj in a company blog post disclosing the findings.
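
For defenders, the practical consequence is that outbound SMTP from ordinary workstations deserves the same scrutiny as Web traffic. The following is an added example, not code from Cyphort or from the original article: it scans flow records for internal hosts that speak SMTP directly to external addresses instead of going through the organization's mail relay. The relay address, the internal range, the log layout and the sample records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the article): the approved relay address, the
# internal address range and the log layout are all hypothetical.
APPROVED_RELAYS = {"10.0.0.25"}            # hosts allowed to send mail out
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
SMTP_PORTS = {25, 465, 587}

# Constructed sample flow records: timestamp src_ip dst_ip dst_port bytes_out
SAMPLE_FLOWS = """\
2014-07-16T04:30:01 10.0.0.25 198.51.100.7 25 18230
2014-07-16T04:31:12 10.0.4.17 203.0.113.50 587 4096
2014-07-16T04:31:40 10.0.4.17 203.0.113.50 587 5120
2014-07-16T04:32:05 10.0.7.3 10.0.0.25 25 2048
2014-07-16T04:33:19 10.0.9.88 192.0.2.14 443 900
2014-07-16T04:34:27 10.0.9.88 203.0.113.9 465 777
malformed line
"""

def find_direct_smtp(flow_text):
    """Return {src_ip: {"flows": n, "bytes": n, "dests": set}} for internal
    hosts that talk SMTP straight to an external address, bypassing the relay."""
    hits = defaultdict(lambda: {"flows": 0, "bytes": 0, "dests": set()})
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                        # skip malformed records
        _, src, dst, port, nbytes = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port, nbytes = int(port), int(nbytes)
        except ValueError:
            continue                        # unparseable address or number
        if port not in SMTP_PORTS:
            continue
        if src in APPROVED_RELAYS or src_ip not in INTERNAL_NET:
            continue                        # the relay itself, or not our host
        if dst_ip in INTERNAL_NET:
            continue                        # client -> internal relay is normal
        h = hits[src]
        h["flows"] += 1
        h["bytes"] += nbytes
        h["dests"].add(f"{dst}:{port}")
    return dict(hits)

if __name__ == "__main__":
    for host, h in sorted(find_direct_smtp(SAMPLE_FLOWS).items()):
        print(host, h["flows"], h["bytes"], sorted(h["dests"]))
```
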

NightHunter's preferred method of infecting target computers appears to be via phishing emails, Navaraj says. These emails are sent to personnel in the finance, sales or HR departments of all sorts of large companies and organizations, and bear .doc, .zip or .rar attachments, sometimes with fake IDM or 7zip installers bundled in. Some of the phishing emails are crafted to appear to be from goods-resale agents.

In addition to logging user keystrokes, the NightHunter malware also gathers and relays information about the Web browsers, instant-messaging and email clients, password managers, Bitcoin wallets or video games present on an infected computer.

Since 2009, NightHunter has amassed such an enormous database of stolen credentials from the abovementioned online services that, according to Cyphort, whoever is behind the campaign is in a position to do some serious damage.

"The potential for analyzing and correlating the stolen data to mount highly targeted, damaging attacks is high," Navaraj wrote in the blog post. "The actors behind NightHunter can use the trove of stolen credentials to leverage big-data analytics and enable new cyberthreats, for purposes of extortion, credit card or bank fraud, stealing state secrets or corporate espionage."
