User Login    
 + Register
News : Massive Malware Campaign Steals Everybody's Passwords
Posted by Randy on 2014/7/16 4:34:27 (582 reads) News by the same author

( - Who, or what, is NightHunter? And what do they — or it — want?
Click to see original Image in a new window

Security researchers discovered last week that for the past five years, a mysterious group has been stealing user credentials from Facebook, Dropbox, Skype, Amazon, LinkedIn, Google, Yahoo, Hotmail, the Indian Web portal Rediff and several banks. Dubbed NightHunter, the campaign appears to have amassed an enormous database of stolen information.

The goals of the attacks remain unclear. NightHunter appears untargeted, simply interested in collecting as many user credentials as possible, according to Santa Clara, California-based security company Cyphort, which discovered and named NightHunter.

The NightHunter campaign involves several different types of keyloggers, including Predator Pain, Limitless and Spyrex. What sets NightHunter apart — and has made it so difficult to trace — is the fact that the keylogging malware relays its captured data back to the criminals in an unusual way: by emailing it.

Most malware communicates with its operators using Web protocols such as HTTP or Internet Relay Chat. But the NightHunter malware uses the email protocol SMTP, which has been around since 1982. SMTP "is outdated and often overlooked, so it can be a more stealthy way of data theft," wrote Cyphort's McEnroe Navaraj in a company blog post disclosing the findings.

NightHunter's preferred method of infecting target computers appears to be via phishing emails, Navaraj says. These emails are sent to personnel in the finance, sales or HR departments of all sorts of large companies and organizations, and bear .doc, .zip or .rar attachments, sometimes with fake IDM or 7zip installers bundled in. Some of the phishing emails are crafted to appear to be from goods-resale agents.

In addition to logging user keystrokes, the NightHunter malware also gathers and relays information about the Web browsers, instant-messaging and email clients, password managers, Bitcoin wallets or video games present on an infected computer.

Since 2009, NightHunter has amassed such an enormous database of stolen credentials from the abovementioned online services that, according to Cyphort, whoever is behind the campaign is in a position to do some serious damage.

"The potential for analyzing and correlating the stolen data to mount highly targeted, damaging attacks is high," Navaraj wrote in the blog post. "The actors behind NightHunter can use the trove of stolen credentials to leverage big-data analytics and enable new cyberthreats, for purposes of extortion, credit card or bank fraud, stealing state secrets or corporate espionage."

Printer Friendly Page Send this Story to a Friend Create a PDF from the article

Other articles
2015/10/6 10:26:09 - Trenton Will Be #1 Seed At Class 2, District 16 Tournament
2015/10/6 10:18:12 - Jefferson Swings Upset Of Winston To Repeat As State Champions
2015/10/6 10:05:43 - Tri-County Conference Announces Postseason Honors
2015/10/6 9:00:00 - Missouri To Play Georgia In Prime-Time
2015/10/6 8:46:23 - Local Group Receives Grant To Help Improve North Missouri Economy
2015/10/6 8:39:34 - Solid Waste Collection Event Will Be Saturday In Chillicothe
2015/10/6 7:45:38 - Marching Bands Coming To Trenton For Missouri Day Festival
2015/10/6 7:44:27 - Harvest Advances Across Missouri
2015/10/6 7:38:47 - Miss Missouri To Be Special Guest At Missouri Day Parade
2015/10/6 7:35:49 - New Highway Patrol Commander Announced For Linn/Chariton Counties
2015/10/6 7:35:38 - Waterfowl Hunting Looking Good By The Numbers, But Habitat And Weather Are Wildcards
2015/10/6 7:29:18 - 4-H Camp Counselor With Down Syndrome Brings Humor And Compassion To Job
2015/10/6 7:28:25 - Accident Near Wal-Mart Injures Chillicothe Officer
2015/10/6 4:25:14 - Convicted Rapist Brian Adkison Sentenced To 15 Years
2015/10/6 4:22:40 - MU Chancellor: "Racism Exists At MU"
2015/10/6 4:18:50 - Nude Intruder Discovered Sleeping In Bed At Wentzville Home
2015/10/6 4:13:48 - 11-Year-Old Boy Charged In Death Of 8-Year-Old Neighbor
2015/10/6 4:10:48 - Frank White's Biggest Worry About The Royals
2015/10/6 4:10:00 - Woman Dies At McDonald's As Customers Continue To Eat
2015/10/6 4:02:25 - Man Dies After Police Called To St. Joseph Motel
2015/10/6 3:56:56 - Friendship Is Important To Older Adults
2015/10/6 3:50:00 - Fields Of Faith Event Slated For October 14
2015/10/5 18:40:00 - Trenton Thunders Way To Senior Night Win, 12-2 Over Chillicothe
2015/10/5 15:49:10 - Jameson Read Changes Plea To Guilty On 2nd Degree Murder Charge / Assault In Court Appearance Today
2015/10/5 15:02:10 - California Governor Signs Controversial Assisted-Suicide Bill
2015/10/5 14:02:01 - Mercer Cardinal Coaches Shows For Monday, 10/5/15
2015/10/5 13:26:07 - Royals Back In Playoffs With Stingy, Rebuilt Bullpen
2015/10/5 13:20:00 - Missouri Beats South Carolina, 24-10
2015/10/5 13:20:00 - Bengals Stay Unbeaten With 36-21 Win Over Chiefs
2015/10/5 12:00:49 - Grundy R-5 Coaches Shows For Monday, 10/5/15

Bookmark this article at these sites


Listen to KTTN-FM