4/11/2024 0 Comments Google hacking locate ftp servers![]() After victims are hacked by the original hacker, most have little visibility into what sensitive information is uploaded and stored in VirusTotal and other forums.” We called it the perfect cyber crime, not just due to the fact that there is no risk and the effort is very low, but also due to the inability of victims to protect themselves from this type of activity. “A criminal who uses this method can gather an almost unlimited number of credentials and other user-sensitive data with very little effort in a short period of time using an infection-free approach. “Our goal was to identify the data a criminal could gather with a VirusTotal license,” Bar noted, and said that they have proven this method – dubbed “VirusTotal Hacking” – works at scale. They’ve also connected some of these files to specific sellers of stolen credentials on a variety of hacking forums and Telegram groups, and have shown that in some cases it may be easy for criminals to discover credentials for accessing malware’s C2 FTP server and use them to “collect” stolen credentials. Depending on the malware, these files contain credentials for email and social media accounts, e-commerce sites, online payment services, gaming platforms, online government services, streaming platforms, online banking accounts, and private keys of cryptocurrency wallets. ![]() ![]() To prove it, the researchers compiled a list of those files’ names, acquired a monthly VirusTotal license that allowed them to do searches, explore VirusTotal’s dataset, and perform malware hunts – and started searching for them. Just like Google Search can be used to search for vulnerable websites/systems, IoT devices, and sensitive data (the method is known as Google hacking or dorking), VirusTotal’s APIs and tools (VT Graph, Retrohunt, etc.) can be used to find files containing stolen data. Finding the files with stolen credentials Finally, some environments are configured to automatically upload files to VirusTotal to verify whether they are “clean”. They may also be uploaded by third parties (e.g., a security researcher or the company where the C2 server is hosted) who are unaware they contain sensitive information. These files can end up hosted on VirusTotal due to hackers using VirusTotal to promote selling victims’ data or due to attackers uploading them by mistake, Tomer Bar, Director of Security Research at SafeBreach, told Help Net Security. The credentials are contained in files that common info-stealers and keyloggers use to exfiltrate them from infected machines. The source of the compromised credentials In fact, with a €600 VirusTotal license, they have managed to collect more than 1,000,000 credentials just by executing simple searches with a few tools. VirusTotal, the popular online service for analyzing suspicious files, URLs and IP addresses, can be used to collect credentials stolen by malware, researchers at SafeBreach have found.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |