August 16, 2023
Security researchers have detected 120,000 compromised systems storing credentials for several cybercrime forums. According to the researchers, most of the computers infected in this campaign belonged to hackers.
Information-stealing malware compromises over 100,000 hacking forum accounts
The security researchers behind this discovery noted that the passwords used to log on to hacking forums are clearly more robust than those used on government websites. This suggests that hackers are more careful about protecting their own accounts than institutions such as governments, which are just as eager to keep the same information out of reach.
The researchers behind this discovery were from Hudson Rock, who said they had analyzed 100 cybercrime forums. The researchers also noted that other threat actors had compromised the computers used by these hackers, infecting their devices and stealing their login data.
Hudson Rock noted that 100,000 accounts compromised during this campaign belonged to threat actors. The number of credentials stolen from these cybercriminal forums exceeded 140,000.
The researchers gathered information on the stolen credentials from publicly available leaks. They also used details from information-stealer logs taken directly from the hackers' infected machines.
Information-stealer logs are the output of a form of malware that searches specific locations on a computer to retrieve login information. One of the most common targets of this malware is the web browser, because of its auto-fill function. Browsers also store saved passwords, which makes it easier for attackers to compromise platforms and carry out a malicious campaign.
Hudson Rock CTO Alon Gal reported that hackers around the world were opportunistically infecting computers by promoting search results for fake software. These hackers also use YouTube tutorials that encourage victims to download infected software, thus compromising their devices.
Targeted hackers were probably less skilled
The victims of this campaign include other hackers. However, the hackers who were tricked are probably those with the least skill. These hackers were infected in the same way as any gullible Internet user who tries to take a shortcut when using the web, but instead falls prey to malicious actors.
The researchers identified the owners of the compromised computers as hackers by analyzing the data contained in the information-stealer logs. This data revealed the real identities of the people behind the hacking campaign.
The targeted computers also contained additional identifying information about these threat actors, such as e-mail addresses and usernames. They also contained auto-fill data containing the hackers’ personal information, including addresses, names and phone numbers. The compromised computers also contained system data such as computer names and IP addresses.
Furthermore, in a previous report, Hudson Rock researchers noted that a well-known hacker group known as La_Citrix, which sells Citrix/VPN/RDP access to businesses, had infected its own computers. Hudson Rock clarified, however, that this infection was accidental.
Evaluating the data collected, Hudson Rock noted that over 57,000 compromised accounts were linked to the Nulled[.]to community. This community is largely made up of aspiring cybercriminals, suggesting that these hackers were compromised because they lacked the skill to recognize and avoid the campaign.
The users with the strongest passwords were those of BreachForums. According to the researchers, over 40% of the credentials had at least ten characters and four different character types.
Some hackers also used weak passwords, such as a string of consecutive numbers. These hackers also had a low level of community involvement. These hackers seem to use their accounts only to follow discussions, check data available for sale or be informed when something important happens.
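The two yardsticks the article cites, ten-plus characters with all four character types and runs of consecutive digits, can be applied to exposed credential records to measure how much of a leak is actually usable. The following is an added example written for this page, not Hudson Rock's tooling; the `url|username|password` record layout and the sample records are constructed, since real stealer-log formats vary by malware family.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample records in a hypothetical "url|username|password" layout.
SAMPLE_RECORDS = """
https://forum-a.example/login|alice|Tr0ub4dor&3xyz
https://forum-a.example/login|bob|123456789
https://forum-b.example/|carol|S3cure!Pass2023
https://forum-b.example/|dave|password
https://gov.example/portal|erin|winter2023
"""

# The four character classes used in the reported strength criterion.
CHARACTER_CLASSES = [str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()]

def is_strong(password):
    """At least ten characters and every one of the four character classes present."""
    return len(password) >= 10 and all(
        any(test(c) for c in password) for test in CHARACTER_CLASSES
    )

def is_sequential_digits(password):
    """True for a run of ascending consecutive digits such as 123456789."""
    if not password.isdigit() or len(password) < 4:
        return False
    return all(int(b) - int(a) == 1 for a, b in zip(password, password[1:]))

def parse_records(text):
    """Split records into (hostname, username, password); skip malformed lines."""
    records = []
    for line in text.strip().splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue
        url, user, password = parts
        records.append((urlparse(url).hostname or "", user, password))
    return records

def strength_by_host(records):
    """Per-site counts of credentials, strong ones, and sequential-digit ones."""
    stats = defaultdict(lambda: {"total": 0, "strong": 0, "sequential": 0})
    for host, _, password in records:
        stats[host]["total"] += 1
        stats[host]["strong"] += int(is_strong(password))
        stats[host]["sequential"] += int(is_sequential_digits(password))
    return {host: dict(counts) for host, counts in stats.items()}
```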
The researchers further reported that the credentials used in cybercrime forums were significantly stronger than government website login data. However, the difference in password strength was not very great.
Hudson Rock added that the majority of infections appeared to come from three information stealers, namely Azorult, Raccoon and RedLine, which are very popular with threat actors.
Many initial-access intrusions begin with information-stealing malware. This malware usually gathers all the data a threat actor needs to impersonate a legitimate user. This data collection is usually known as system fingerprinting, and it is used to compromise targeted systems.