Credentials stolen by new password stealer in Brazil already exceed one million

ISH Tecnologia has updated the number of passwords it found for sale on the dark web, associated with a post on a fraud channel specializing in the purchase and sale of personal credentials: from approximately 900 thousand, the number of credentials has now reached 1,046,770, belonging to 993,630 people, the company reports. The credentials are being obtained through phishing email campaigns that started in January. The victims include employees of federal and state public agencies, as well as of private companies in sectors such as finance, health and large industries. The passwords were being sold on the forum for R$ 9,700.00.

The theft is carried out by a newly identified “Password Stealer” trojan, which installs itself after the victim falls for a phishing e-mail whose subject is “late payment slip”. The risk now, ISH reports, is that people habitually use the same login and password for several services, including ones that give access to sensitive company information. Hackers know this and, with scams like this one, they are able to breach the data of the companies where those users work and carry out further actions from there, including ransomware campaigns.

The scam shows e-mail addresses of major mobile operators in Brazil as the sender and alerts the supposed customers to an overdue bill. The message asks the victim to click a button to download the overdue invoice in PDF format. When the invoice is downloaded, a malicious program is installed on the victim’s computer; it then copies the credentials the user has saved in Internet browsers and sends them to a remote server set up by the hackers. The leak was identified thanks to Mantis, a recent ISH launch that scans the internet, including the deep and dark web, for sensitive information about people and companies.

The data collected on the attack shows that government-related domains ( are 0.18% of the total, while those related to personal accounts (gmail, hotmail, land, yahoo, ig, uol, uai, bol, yahoo…) are 84.27% and finally the remaining 15.55% refer to domains of private companies.
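For a defender handed a dump like this one, the same breakdown can be reproduced and turned into a reset list. The Python sketch below is an added example, not ISH's or Mantis's code: it counts credentials versus distinct people, computes the three category shares over distinct logins, and flags logins whose password repeats across services. The sample rows, the function names and the rule that a "gov" domain label marks a public agency are assumptions.

```python
import hashlib
from collections import Counter, defaultdict

# Constructed sample rows: (service host, login, password). Not real data.
SAMPLE = [
    ("mail.example.com", "ana@gmail.com", "Senha#2021"),
    ("shop.example.net", "ana@gmail.com", "Senha#2021"),
    ("bank.example.org", "ana@gmail.com", "Diferente9"),
    ("vpn.corp.example", "bruno@corp.example", "Outra!77"),
    ("portal.agency.example", "carla@agency.gov.example", "Gov-pass1"),
    ("mail.example.com", "dani@uol.com.br", "abc12345"),
]

# Provider names as listed in the article.
PERSONAL = {"gmail", "hotmail", "land", "yahoo", "ig", "uol", "uai", "bol"}
GOV_LABEL = "gov"  # assumption: a "gov" label in the domain marks a public agency


def classify(login):
    """Map a login's e-mail domain to one of the article's three categories."""
    labels = login.rsplit("@", 1)[-1].lower().split(".")
    if GOV_LABEL in labels:
        return "government"
    if labels[0] in PERSONAL:
        return "personal"
    return "private company"


def triage(rows):
    """Summarise a dump: volume, category shares, reuse, and who to reset first."""
    people = sorted({login.lower() for _, login, _ in rows})
    counts = Counter(classify(p) for p in people)
    shares = {c: round(100 * n / len(people), 2) for c, n in counts.items()}
    # Index on a digest of the password so plaintext is not kept around.
    hosts = defaultdict(set)
    for host, login, password in rows:
        digest = hashlib.sha256(password.encode()).hexdigest()
        hosts[(login.lower(), digest)].add(host)
    reused = sorted({who for (who, _), seen in hosts.items() if len(seen) > 1})
    # Organisation accounts are the ones that open a path into a company.
    reset_first = [p for p in people if classify(p) != "personal"]
    return {"credentials": len(rows), "people": len(people), "shares": shares,
            "reused": reused, "reset_first": reset_first}


if __name__ == "__main__":
    print(triage(SAMPLE))
```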
