News : Massive Malware Campaign Steals Everybody's Passwords
Posted by Randy on 2014/7/16 4:34:27 (598 reads)

Who, or what, is NightHunter? And what do they — or it — want?

Security researchers discovered last week that for the past five years, a mysterious group has been stealing user credentials from Facebook, Dropbox, Skype, Amazon, LinkedIn, Google, Yahoo, Hotmail, the Indian Web portal Rediff and several banks. Dubbed NightHunter, the campaign appears to have amassed an enormous database of stolen information.

The goals of the attacks remain unclear. NightHunter appears untargeted, simply interested in collecting as many user credentials as possible, according to Santa Clara, California-based security company Cyphort, which discovered and named NightHunter.

The NightHunter campaign involves several different types of keyloggers, including Predator Pain, Limitless and Spyrex. What sets NightHunter apart — and has made it so difficult to trace — is the fact that the keylogging malware relays its captured data back to the criminals in an unusual way: by emailing it.

Most malware communicates with its operators using Web protocols such as HTTP or Internet Relay Chat. But the NightHunter malware uses the email protocol SMTP, which has been around since 1982. SMTP "is outdated and often overlooked, so it can be a more stealthy way of data theft," wrote Cyphort's McEnroe Navaraj in a company blog post disclosing the findings.
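
Because the keyloggers send their data by SMTP, one place the traffic can surface is in network flow logs, as workstations connecting to outside mail servers instead of going through the organization's own relay. The sketch below is an added example, not code from Cyphort or from this article; the log format, the internal address range, the relay address and the sample records are all constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}  # SMTP, SMTPS, mail submission
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range
APPROVED_MAIL_RELAYS = {"10.0.0.25"}  # assumed: only host allowed to send mail out

# Constructed sample flow records: time, src_ip, dst_ip, dst_port, bytes_out
SAMPLE_FLOWS = """\
2014-07-10T09:00:01,10.0.0.25,198.51.100.7,25,48211
2014-07-10T09:02:13,10.0.4.17,10.0.0.25,587,9120
2014-07-10T09:05:40,10.0.4.31,203.0.113.50,587,1830
2014-07-10T09:35:41,10.0.4.31,203.0.113.50,587,1795
2014-07-10T10:05:39,10.0.4.31,203.0.113.50,587,2011
2014-07-10T10:11:02,10.0.4.17,192.0.2.80,443,5300
2014-07-10T11:20:00,10.0.7.9,192.0.2.44,25,640
"""


def direct_smtp_senders(flow_csv):
    """Summarise hosts that talk SMTP to external servers, bypassing the relay."""
    hits = defaultdict(lambda: {"dests": set(), "flows": 0, "bytes": 0})
    for row in csv.reader(io.StringIO(flow_csv)):
        if not row:
            continue
        _ts, src, dst, port, nbytes = row
        if int(port) not in SMTP_PORTS or src in APPROVED_MAIL_RELAYS:
            continue
        if ipaddress.ip_address(dst) in INTERNAL_NET:
            continue  # internal client submitting mail to the relay is expected
        hit = hits[src]
        hit["dests"].add(f"{dst}:{port}")
        hit["flows"] += 1
        hit["bytes"] += int(nbytes)
    # Convert the destination sets to sorted lists for stable reporting.
    return {src: {**h, "dests": sorted(h["dests"])} for src, h in hits.items()}


if __name__ == "__main__":
    for src, info in sorted(direct_smtp_senders(SAMPLE_FLOWS).items()):
        print(src, info)
```

Blocking outbound SMTP ports at the perimeter for everything except the approved relay turns the same rule from detection into prevention.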

NightHunter's preferred method of infecting target computers appears to be via phishing emails, Navaraj says. These emails are sent to personnel in the finance, sales or HR departments of all sorts of large companies and organizations, and bear .doc, .zip or .rar attachments, sometimes with fake IDM or 7zip installers bundled in. Some of the phishing emails are crafted to appear to be from goods-resale agents.

In addition to logging user keystrokes, the NightHunter malware also gathers and relays information about the Web browsers, instant-messaging and email clients, password managers, Bitcoin wallets or video games present on an infected computer.

Since 2009, NightHunter has amassed such an enormous database of stolen credentials from the abovementioned online services that, according to Cyphort, whoever is behind the campaign is in a position to do some serious damage.

"The potential for analyzing and correlating the stolen data to mount highly targeted, damaging attacks is high," Navaraj wrote in the blog post. "The actors behind NightHunter can use the trove of stolen credentials to leverage big-data analytics and enable new cyberthreats, for purposes of extortion, credit card or bank fraud, stealing state secrets or corporate espionage."
