Threat intelligence firm Hudson Rock has discovered credentials associated with cybercrime forums on roughly 120,000 computers infected with various information-stealer malware. The experts discovered that many of these computers, compromised between 2018 and 2023, belong to threat actors.
The researchers analyzed a database of more than 14.5 million computers infected with info-stealers.
The researchers were able to uncover the real identities of the hackers based on indicators such as additional credentials found on the computers (additional emails, usernames), auto-fill data containing personal information (names, addresses, phone numbers), and system information.
The researchers discovered that the cybercrime forum with the highest number of infected users is “Nulled.to” (57,203), followed by “Cracked.io” (19,062) and “Hackforums.net” (13,366).
The analysis of the users' passwords revealed that the forum with the strongest user passwords is “Breached.to.”
The experts noticed that the passwords from cybercrime forums are stronger than passwords used for government websites.
Most of the infections are attributed to Redline, followed by Raccoon and Azorult. The top 5 countries (Normalized) from which hackers were infected and had at least 1 credential to a cybercrime forum are:
“Info-stealer infections as a cybercrime trend surged by an incredible 6000% since 2018, positioning them as the primary initial attack vector used by threat actors to infiltrate organizations and execute cyberattacks, including ransomware, data breaches, account overtakes, and corporate espionage.” concludes the report published by Hudson Rock.