On October 20, a hacker calling himself Dark X said he logged into a server and stole the personal data of 350 million Hot Topic customers. The next day, Dark X said that Hot Topic kicked them out.
Dark X put it down to luck: they simply obtained the login credentials of a developer who had access to Hot Topic’s crown jewels. To demonstrate, the hacker sent that same set of credentials to Alon Gal of cybersecurity company Hudson Rock, who first found the link between the infostealers and the Hot Topic breach, Gal said.
The luck part is true. But the alleged Hot Topic hack is also the latest breach directly linked to a sprawling underground industry that has made hacking some of the world’s biggest companies child’s play.
AT&T. Ticketmaster. Santander Bank. Neiman Marcus. Electronic Arts. These were not entirely isolated incidents. Instead, they were all hacked thanks to “infostealers,” a type of malware designed to loot passwords and cookies stored in the victim’s browser. In turn, infostealers have given rise to a complex ecosystem that has been allowed to grow in the shadows and in which criminals fulfill different roles. There are Russian malware coders who continually update their code; teams of professionals using eye-catching advertising to recruit contractors who spread the malware on YouTube, TikTok or GitHub; and English-speaking teenagers on the other side of the world who then use the stolen credentials to break into corporations. At the end of October, a coalition of law enforcement agencies announced an operation against two of the most prevalent infostealers in the world. But the market has grown and matured so much that law enforcement action against even a portion of it is now unlikely to have any lasting effect on the spread of infostealers.
Based on interviews with malware developers, hackers who use stolen credentials, and a review of manuals that explain to new recruits how to spread malware, 404 Media has mapped this industry. Its bottom line is that a single person’s download of innocent-looking software can lead to a data breach at a multibillion-dollar company, putting Google and other tech giants in an increasingly intense game of cat and mouse with malware developers to keep people and businesses safe.
“We are professionals in our field and will continue working to prevent future updates from Google,” an administrator of LummaC2, one of the most popular data-stealing malware, told me in an online chat. “It takes some time, but we have all the resources and knowledge to continue the fight against Chrome.”
The infostealers
The infostealer ecosystem begins with the malware itself. There are dozens of them, with names like Nexus, Aurora, META and Raccoon. The most widespread infostealer at the moment is one called RedLine, according to cybersecurity firm Recorded Future. Having pre-packaged malware also dramatically lowers the barrier to entry for a budding hacker. The administrator of LummaC2, which according to Recorded Future is among the top 10 infostealers, said he welcomes both beginner and experienced hackers.
Initially, many of these developers were interested in stealing credentials or keys related to cryptocurrency wallets. Armed with them, hackers could empty a victim’s digital wallets and make quick money. Many today still market their tools as able to steal bitcoin and have even introduced OCR to detect seed phrases in images. But more recently those same developers and their associates discovered that everything else stored in a browser (passwords to a victim’s workplace, for example) could generate a secondary stream of revenue.