Bot malware, automated malicious code capable of exfiltrating entire user profiles from target endpoints, is on the rise, warns a new report from NordVPN.
The company’s research claims that the data of five million people has been stolen by bot malware since 2018, covering 26.6 million usernames and passwords, including nearly one million Google credentials and more than one million Microsoft and Facebook registrations combined.
Bot malware is more dangerous than the average malware because, by stealing entire user profiles, it allows its operators to bypass multi-factor authentication.
“When a criminal hacks into a password, they cannot complete identity verification if the user has MFA enabled. However, if a criminal gets their hands on their victim’s cookies and device configuration information, they can fool security systems and prevent MFA activation. Because bot malware provides criminals with the full digital identity of their victims, it brings a whole new set of risks,” said Adrianus Warmenhoven, cybersecurity advisor at NordVPN.
What makes these attacks even more dangerous is the fact that the barrier to entry is quite low. Even inexperienced hackers can use these user profiles to log into people’s accounts and use them for various nefarious purposes.
For example, they can steal people’s Facebook accounts and, posing as the account owner, ask for money, deliver malware, or promote dangerous and false stories. They can even use the information obtained to target companies with phishing emails, the researchers conclude.
Plus, they don’t even have to send the bot malware to target endpoints themselves. They can easily buy the data on the dark web. The average price for a single person’s data set is reportedly about $6.
“Always use an antivirus to protect yourself. Other measures that could help include a password manager and file encryption tools to ensure that even if a criminal infects your device, there is little to steal,” adds Adrianus Warmenhoven.