Pirated games helped a malware campaign compromise 3.2 million PCs

A trojan virus that infected millions of PCs and stole 1.2 terabytes of personal information was largely spread through illegal software, including pirated games and a cracked version of Adobe Photoshop, security researchers from NordLocker said. Inside the treasure trove of stolen data were 1.1 million unique email addresses and 26 million login credentials, among other things.

NordLocker says a hacker group accidentally revealed the location of the database containing the stolen data, and once NordLocker was privy, it worked with a third-party company that specializes in researching data breaches to evaluate the database's contents.

What they discovered is that a custom malware strain infiltrated 3.2 million Windows PCs between 2018 and 2020. The database contained 2 billion cookies, of which over 400 million (22%) were still valid.

The database also contained 6 million files plucked from the Desktop and Downloads folders on compromised systems. Around 900,000 image files, over 600,000 Word files, and 3 million text files made up the majority of the stolen contents, though it also included over 1,000 types of other files. That's a lot of data, and to help manage it all, the malware assigned unique device IDs to the data for easier sorting.

"Screenshots made by the malware reveal that it spread via illegal software (Adobe Photoshop), Windows cracking tools, and pirated games. Moreover, the malware also photographed the user if the device had a webcam," NordLocker said.

This particular malware campaign does not have a name, in part because it flew under the radar while active, then presumably disappeared. According to NordLocker, nameless (or custom) trojans like this one are hawked on the dark web in forums and private chats, sometimes for no more than $100.

"Their low profile often helps these viruses stay undetected and their creators unpunished... It's a booming market where the creator sells the malware, teaches the buyer how to use it, and even shows how to profit off the stolen data," NordLocker says.

This is a bit of a self-serving report, as NordLocker sells one of the best VPNs for gaming and also offers encrypted cloud backups. So it's no surprise that one of its recommended courses of action is to try out its private cloud service.

Be that as it may, this did happen, it infected a lot of PCs, and undoubtedly there are other covert malware campaigns out there doing similar things. Of course, avoiding sketchy sites that serve up cracked downloads is always a good idea.

As for this particular campaign, NordLocker reported the open database to US-CERT, and says the 1.1 million unique email addresses have been uploaded to Have I Been Pwned, a nifty resource for checking if any of your accounts have ever been part of a known security breach. The tool is about to get even more useful, as Have I Been Pwned recently teamed up with the FBI for more timely updates, and is going open source too.

Paul Lilly
