Info-Stealing Malware Sells Over 400,000 Corporate Credentials

August 3, 2023


In an analysis of 20 million information-stealing malware logs sold on the dark web and in Telegram channels, the cybersecurity firm Flare found that these logs had significantly infiltrated business environments. They contained credentials for business applications such as Google Cloud, Salesforce, CRM, DocuSign, QuickBooks, Amazon Web Services, Google Cloud Platform and Okta. Forty thousand corporate credentials had been stolen; 74% were posted in Telegram channels, while 25% were seen on Russian-speaking marketplaces. Flare also found more than 200,000 stealer logs containing OpenAI credentials, which pose a risk of leaking proprietary information, internal business strategies and source code.

Information stealers are malware that steal data stored in applications such as web browsers, email clients, instant messengers and FTP clients. The stolen information is packaged into archives called logs. Their value lies in the profit cybercriminals can make by using the compromised credentials to access CRMs, RDP, VPNs and SaaS applications, and then using that access to deploy stealthy backdoors, ransomware and other payloads. Businesses are advised to reduce the risk of these infections by requiring password managers, enforcing multi-factor authentication, and setting strict controls on the use of personal devices.
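The defensive counterpart to the findings above is exposure monitoring: when a stealer log surfaces, a security team wants to know which of its own accounts appear in it, on which SaaS login hosts, so it can force resets, revoke sessions and confirm MFA on those tenants. The script below is an added example, not code from the article or from Flare; its log format (one `url:username:password` line per credential) and its sample lines are constructed assumptions, since real stealer dumps vary by malware family. It deliberately drops the passwords from its output so the result can go into a ticket without re-storing the secrets.

```python
"""Flag which stealer-log entries expose accounts on the organisation's own domains.

Added example (not from the article or from Flare). The log format is an
assumption: one credential per line as "url:username:password", a shape many
stealer dumps use but which varies by malware family.
"""
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample log; every line here is made up for the example.
SAMPLE_LOG = """\
https://accounts.google.com/signin:alice@example.com:Summer2023!
https://login.salesforce.com/:bob@example.com:hunter2
https://app.docusign.com/login:carol@personalmail.test:pass123
https://signin.aws.amazon.com/console:dave@example.com:aws-secret
https://example.okta.com/login:erin@example.com:okta-pass
https://platform.openai.com/login:frank@example.com:openai-pass
not a credential line
"""

# Domains the organisation owns (assumed value for the example).
CORPORATE_DOMAINS = {"example.com"}


def parse_entry(line):
    """Split one "url:username:password" line; returns None for malformed lines.

    Splitting from the right keeps the URL's own colons (scheme, port) intact;
    the trade-off is that a password containing ':' would be truncated.
    """
    parts = line.strip().rsplit(":", 2)
    if len(parts) != 3 or "://" not in parts[0]:
        return None
    url, username, password = parts
    return url, username, password


def find_exposed_accounts(log_text, corporate_domains):
    """Return entries whose username belongs to one of our domains.

    Passwords are deliberately not kept: the result is meant for a
    forced-reset list, not for re-storing the secret.
    """
    exposed = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        url, username, _password = entry
        domain = username.rpartition("@")[2].lower()
        if domain in corporate_domains:
            exposed.append({
                "service": urlsplit(url).hostname or url,
                "username": username.lower(),
            })
    return exposed


def summarize_by_service(exposed):
    """Count exposed accounts per login host, to prioritise which SaaS tenants
    need session revocation and an MFA check first."""
    return Counter(entry["service"] for entry in exposed)


if __name__ == "__main__":
    hits = find_exposed_accounts(SAMPLE_LOG, CORPORATE_DOMAINS)
    for entry in hits:
        print(f"{entry['username']:<22} {entry['service']}")
    print(summarize_by_service(hits))
```

On the constructed sample, five of the six credential lines belong to the corporate domain (the `personalmail.test` account is ignored), and the per-service counter shows one exposed account each on the Google, Salesforce, AWS, Okta and OpenAI login hosts; on a real log, the same summary tells you which identity provider and SaaS tenants to act on first.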
