Major Data breach – new Windows malware.

September 28th, 2023 by Stephen Jones Leave a reply »

Usernames and passwords of billions of users have been exposed online after the digital risk protection company DarkBeam left an online database unprotected.

More than 3.8 billion user records were accessible to anyone who found the database during the period in which it was exposed. The email addresses and passwords it contained had themselves come from earlier data breaches. Ironically, DarkBeam had collected this information in order to alert its customers to breaches, but the leak is very likely to affect non-customers as well.

A collection like this contains usernames and passwords from both reported and unreported data breaches, so your login credentials could be in it even if you have never heard of DarkBeam. It is likely that criminals downloaded the data while it was exposed, to use in future attacks. They could use the exposed email addresses in targeted phishing, but the more common use is credential stuffing: trying each username and password pair at many different sites to find victims who reused the same password. Password reuse is a big problem; when you use the same username and password for multiple accounts, a single stolen credential lets an attacker log in to all of them. Create strong, complex and unique passwords for all of your accounts, and turn on multi-factor authentication wherever it is offered.

As if that were not bad enough, there is also a new open-source Windows malware, Exela Stealer, that uses Discord to send stolen data back to the attackers. Besides login credentials, personal data and financial information, it can steal session details from popular apps and online services, including social media and gaming platforms. Exela is distributed as a builder: the builder runs on a machine that has a compatible version of Python installed (3.10.0 or 3.11.0) and produces the .exe that is then delivered to victims.

When the builder batch file in the Exela setup folder is executed, it asks for a Discord webhook URL and keeps showing an error message until the person running it supplies one. That webhook is the collection server for whoever deployed the malware: the stealer posts all of a victim's stolen data to it, so the attacker needs no server of their own.
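
The hard-coded webhook is also the malware's weak point from a defender's point of view: every exfiltration is an HTTPS request to a fixed Discord URL that shows up in proxy logs. The following is an added example, not code from the original post or from the Exela project. It extracts webhook IDs from a few constructed proxy log lines and groups the sending hosts by webhook; the log format, IP addresses, webhook IDs and tokens are all assumptions.

```python
import re
from collections import defaultdict

# Discord webhooks are reached at https://discord.com/api/webhooks/<id>/<token>;
# the legacy discordapp.com host and the ptb/canary builds serve the same path,
# optionally with an API version segment (/api/v10/...).
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com"
    r"/api/(?:v\d+/)?webhooks/(?P<id>\d{15,22})/(?P<token>[A-Za-z0-9_-]+)",
    re.IGNORECASE,
)

# Constructed proxy log lines (assumed format: timestamp, client IP, method, URL, status).
SAMPLE_PROXY_LOG = """\
2023-09-28T10:14:02Z 10.0.0.12 POST https://discord.com/api/webhooks/1156780011222333444/AbCd_EfGh-ijklMNOPqrstUVWxyz0123456789 204
2023-09-28T10:14:05Z 10.0.0.12 GET https://www.example.com/ 200
2023-09-28T10:15:41Z 10.0.0.31 POST https://discordapp.com/api/webhooks/1156780011222333444/AbCd_EfGh-ijklMNOPqrstUVWxyz0123456789 204
2023-09-28T10:16:00Z 10.0.0.50 GET https://discord.com/channels/@me 200
2023-09-28T10:17:12Z 10.0.0.77 POST https://canary.discord.com/api/v10/webhooks/1199000011112222333/zzZZ-tokenTOKEN_987654321 204
"""


def parse_proxy_line(line):
    """Split one log line into its five fields; returns None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, method, url, status = parts
    return {"ts": ts, "client": client, "method": method, "url": url, "status": status}


def find_webhook_requests(log_text):
    """Return every request whose URL is a Discord webhook endpoint.

    Only the webhook ID is kept: the token is a secret that lets anyone post to
    (or delete) the webhook, so it should not be copied into alerts or tickets.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_proxy_line(line)
        if rec is None:
            continue
        m = WEBHOOK_RE.search(rec["url"])
        if m is None:
            continue
        hits.append({"ts": rec["ts"], "client": rec["client"],
                     "method": rec["method"], "webhook_id": m.group("id")})
    return hits


def clients_per_webhook(hits):
    """Group sending hosts by webhook ID: several hosts posting to the same
    webhook is the signature of one campaign built with one hard-coded URL."""
    groups = defaultdict(set)
    for h in hits:
        groups[h["webhook_id"]].add(h["client"])
    return {wid: sorted(clients) for wid, clients in groups.items()}


if __name__ == "__main__":
    requests_seen = find_webhook_requests(SAMPLE_PROXY_LOG)
    for wid, clients in clients_per_webhook(requests_seen).items():
        print(f"webhook {wid}: {len(clients)} host(s) -> {', '.join(clients)}")
```

Workstations normally have no business posting to Discord webhooks (webhooks are meant to be called by servers and CI systems), so even in an organisation where Discord itself is allowed, a POST from an end-user machine to this path is worth an alert, and the webhook ID is what you report to Discord for takedown.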

After it runs on a victim's PC, Exela Stealer persists by copying itself into a new directory under the local AppData folder and adding a startup entry to the Windows Registry, so it is launched again each time the infected PC is rebooted.
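
A quick way to hunt for this kind of persistence is to list the per-user Run key and flag entries that launch from %LOCALAPPDATA%. The example below is added here and is not from the post or from the malware. It assumes the entry lands in HKCU\Software\Microsoft\Windows\CurrentVersion\Run (the post only says "a startup entry in the Windows Registry"), parses constructed `reg query` output, and uses a small example allowlist of directories where legitimate per-user software also lives under AppData\Local; the allowlist, the sample entries and the user name are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed output of:  reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
# (the Run key is an assumed location; the post only says "a startup entry").
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Discord    REG_SZ    C:\Users\alice\AppData\Local\Discord\Update.exe --processStart Discord.exe
    Vivaldi Update Notifier    REG_SZ    "C:\Users\alice\AppData\Local\Vivaldi\Application\update_notifier.exe" --q
    WindowsUpdateHelper    REG_SZ    "C:\Users\alice\AppData\Local\SystemHelper\svchost.exe"
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""

# reg query separates name, type and data with runs of spaces; names may contain single spaces.
ENTRY_RE = re.compile(r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_[A-Z_]+)\s{2,}(?P<data>.*)$")

# Example allowlist (an assumption, not a vetted list): directories under
# AppData\Local where legitimate per-user installers also put their binaries.
ALLOWLIST = (
    r"\appdata\local\microsoft\onedrive",
    r"\appdata\local\discord",
    r"\appdata\local\vivaldi",
)
# Names of Windows system binaries that should never start from a user profile.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe", "winlogon.exe"}
# Interpreters that an autostart entry rarely needs (Exela itself is Python).
INTERPRETERS = {"python.exe", "pythonw.exe", "powershell.exe", "cmd.exe",
                "wscript.exe", "cscript.exe", "mshta.exe"}


def extract_exe(data):
    """Pull the executable path out of a Run value's command line."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    # Unquoted: take everything up to the first ".exe" followed by a space or end of line
    m = re.match(r"(.+?\.exe)(?:\s|$)", data, re.IGNORECASE)
    return m.group(1) if m else data.split()[0]


def assess(exe):
    """Return the list of reasons an autostart executable looks suspicious (empty if none)."""
    low = exe.lower()
    base = PureWindowsPath(exe).name.lower()
    reasons = []
    if "\\appdata\\local\\" in low and not any(a in low for a in ALLOWLIST):
        reasons.append("runs from %LOCALAPPDATA% outside the allowlist")
    if base in SYSTEM_NAMES and not (low.startswith("c:\\windows\\") or low.startswith("%windir%")):
        reasons.append(f"system binary name {base} outside the Windows directory")
    if base in INTERPRETERS:
        reasons.append(f"autostarts a script interpreter ({base})")
    return reasons


def triage_run_key(reg_output):
    """Parse reg query output and attach the reasons for each entry."""
    entries = []
    for line in reg_output.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # key header, blank lines
        exe = extract_exe(m.group("data"))
        entries.append({"name": m.group("name"), "exe": exe, "reasons": assess(exe)})
    return entries


if __name__ == "__main__":
    for entry in triage_run_key(SAMPLE_REG_QUERY):
        flag = "SUSPICIOUS" if entry["reasons"] else "ok"
        print(f"{flag:10} {entry['name']}: {entry['exe']}")
        for reason in entry["reasons"]:
            print(f"           - {reason}")
```

A path allowlist is only a first filter, since anything can be dropped into an allowlisted directory; on a real Windows host, follow it up by checking the Authenticode signature of each flagged binary (Get-AuthenticodeSignature in PowerShell) and by checking the other autostart locations (HKLM\...\Run, RunOnce, the Startup folder and scheduled tasks) in the same way.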

Exela Stealer then targets any Chromium-based web browsers installed on the victim's computer, such as Chrome, Edge, Brave, Opera or Vivaldi. Besides credentials, it can steal credit card information, cookies and other browser data, while also logging keypresses and taking screenshots of the system. It can steal account information from social media platforms including Instagram, X, TikTok and Reddit, along with data from Steam and Roblox. Everything is sent back to the hackers behind Exela Stealer, who can use it to commit fraud or identity theft.

You risk a serious malware infection whenever you download games or software illegally. Exela Stealer is currently distributed through phishing pages and websites offering free software downloads; given its capabilities, however, cybercriminals may well devise new distribution methods, so stay vigilant about phishing emails, use strong passwords and multi-factor authentication, and keep your antivirus software updated. Whenever there is a big data leak like this one, check whether your own credentials are in it: Cybernews has its own personal data leak checker, or use Troy Hunt's Have I Been Pwned or Mozilla's Firefox Monitor.
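
Have I Been Pwned's Pwned Passwords service lets you check a password against the breached-password corpus without ever sending the password: the client hashes it with SHA-1 and sends only the first five hex characters of the hash, the server returns every hash suffix in that range, and the comparison happens locally (k-anonymity). This is the right way to test the reused passwords discussed above. The example below is added here and is not from the post or from Have I Been Pwned; it implements the client side against a constructed range response in which only the suffix for "password" is its real SHA-1 remainder (the other suffixes and all the counts are made up, since the live counts change). `fetch_range` calls the real endpoint but runs only when you pass `--live`.

```python
import hashlib
import sys
import urllib.request

# Constructed range response for prefix 5BAA6. The third suffix is the real
# SHA-1 remainder of "password"; the other suffixes and every count are made up
# (the live counts change as new breaches are loaded).
SAMPLE_RANGE_5BAA6 = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1D72CD07550416C216D8AD296BF5C0AE8E0:10
1E4C9B93F3F0682250B6CF8331B7EE68FD8:10434004
1E62B0F1BD7C1E1C10A6FE3CE84F9C4D5B8:1
"""

PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password):
    """Hash the password and split the upper-case hex digest into the
    5-character prefix that is sent and the 35-character suffix that never leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(suffix, range_response):
    """Search a range response ("SUFFIX:COUNT" per line) for our suffix; 0 if absent.

    Padded responses (Add-Padding) contain filler lines with a count of 0,
    which fall through to the same "not found" result.
    """
    suffix = suffix.upper()
    for line in range_response.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        candidate, _, count = line.partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix):
    """Live lookup of one prefix (network required); only the prefix is sent."""
    req = urllib.request.Request(
        PWNED_RANGE_URL + prefix,
        headers={"User-Agent": "range-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def check_password(password, range_response=None):
    """Return how many times the password appears in the corpus (0 = not found).

    When range_response is None the prefix is fetched live; otherwise the given
    response text (e.g. the constructed sample above) is searched offline.
    """
    prefix, suffix = sha1_prefix_suffix(password)
    if range_response is None:
        range_response = fetch_range(prefix)
    return breach_count(suffix, range_response)


if __name__ == "__main__":
    live = "--live" in sys.argv
    pwd = "password"  # the constructed sample only covers this password's prefix
    n = check_password(pwd, None if live else SAMPLE_RANGE_5BAA6)
    print(f"'{pwd}' seen {n} time(s)" if n else f"'{pwd}' not found in this range")
```

This checks passwords only. To find out whether your email address was in a dump like the one DarkBeam exposed, use the account search on the Have I Been Pwned site or the other checkers mentioned above; a password that comes back with any non-zero count should be changed everywhere it was used.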
