21. January 2022

This article has been indexed from

CySecurity News – Latest Information Security and Hacking Incidents

By conducting searches on VirusTotal, an online service that analyses suspicious files and URLs, security researchers have discovered a technique to gather large volumes of stolen user credentials. 

The SafeBreach research team used this technique to acquire over a million credentials using a €600 (about $679) VirusTotal licence and a few tools. The purpose was to determine what information a criminal could obtain with a licence for VirusTotal, a Google-owned service that allows users to submit and verify suspected files and links using multiple antivirus engines for free. 

A VirusTotal licenced user can use a mixture of questions to search the service’s dataset for file type, file name, submitted data, country, and file content, among other things. Many data thieves gather credentials from various forums, mail accounts, browsers, and other sites, write them to a specific hard-coded file name — for example, “all credentials.txt,” and then exfiltrate the file from the victim’s device to the attackers’ command-and-control server. 

Researchers used VirusTotal tools and APIs like search, VirusTotal Graph, and Retrohunt to locate files containing stolen data using this strategy. 

Tomer Bar, director of security research at SafeBreach stated, “It is quite a straightforward technique, which doesn’t require strong understanding in malware. All you need is to choose one of the most common info stealers and read about it o

[…]

Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: