Latest news with #malware


Daily Mail
4 hours ago
'Mother of all data breaches' sees Internet users urged to act after Apple and Google passwords are exposed
Cybersecurity researchers have uncovered what they call the 'mother of all breaches' with the discovery of a collection of 30 databases that contain over 16 billion individual records, including passwords, for government accounts as well as social media logins for Apple, Google, Facebook, Telegram, and others. Some of the datasets had vague names such as 'logins' or 'credentials', which made it hard for the team to figure out exactly what they contained, but some gave clues about where the data came from. According to the researchers, the records were most likely compiled by cybercriminals using various info-stealing malware, though they noted that some data may also have been collected by so-called 'white hat' hackers. Also known as ethical hackers, 'white hat' hackers are security professionals who use their skills to identify vulnerabilities and weaknesses in computer systems, networks, and software - with the permission of the system's owner. The team at Cybernews, which found the records, said the information was available to the wider Internet only briefly before it was locked down, but it's not possible to determine who owned the databases. With over 5.5 billion people worldwide using the Internet, researchers warned that a staggering number of individuals probably had some of their accounts compromised. Users across the globe were urged to change their passwords immediately to protect their data from falling into the hands of cybercriminals. Researchers said: 'The inclusion of both old and recent info-stealer logs makes this data particularly dangerous for organizations lacking multi-factor authentication or credential hygiene practices.' Cybernews noted that its researchers identified a database of 184 million records that was previously uncovered in May, found by data-breach hunter and security researcher Jeremiah Fowler. The security site said: 'It barely scratches the top 20 of what the team discovered.
Most worryingly, researchers claim new massive datasets emerge every few weeks, signaling how prevalent info-stealer malware truly is.' The May discovery not only contained secure login data for millions of private citizens, but also had stolen account information connected to multiple governments around the world. While looking at a small sample of 10,000 of these stolen accounts, researcher Fowler found 220 email addresses with .gov domains, linking them to over 29 countries, including the U.S., UK, Australia, Canada, China, India, Israel, and Saudi Arabia. Fowler told WIRED: 'This is probably one of the weirdest ones I've found in many years. 'As far as the risk factor here, this is way bigger than most of the stuff I find, because this is direct access into individual accounts. This is a cybercriminal's dream working list.' In total, Fowler discovered 47 gigabytes of data with sensitive information for accounts on sites including Instagram, Microsoft, Netflix, PayPal, Roblox, and Discord. The best action to take to protect your accounts would be to change the passwords and activate Two-Factor Authentication, which adds another layer of security to logging in by sending a secure code to your phone or email. The unprotected database was managed by World Host Group, a web-hosting and domain name provider founded in 2019. Once Fowler confirmed that the exposed information was genuine, he reported the breach to World Host Group, which shut down access to the database. World Host Group's Seb de Lemos told WIRED: 'It appears a fraudulent user signed up and uploaded illegal content to their server.' Fowler added that 'the only thing that makes sense' is that the breach was the work of a cybercriminal because there's no other way to gain that much access to information from so many servers around the world. The cybersecurity expert warned that the breach also posed a major national security risk.
Exploiting government email accounts could allow hackers and foreign agents access to sensitive or even top-secret systems. The stolen data could also be used as part of a larger phishing campaign, using one person's hacked account to gain private information from other potential victims.


Sky News
9 hours ago
Minecraft users targeted by criminals posing as game coders
Minecraft users are being targeted by criminals posing as game coders online. Analysts tracked two pieces of malware spread by what appears to be Russian gangs on the code-sharing site GitHub, according to cybersecurity firm Check Point. Its researchers said: "The malware is developed by a Russian-speaking threat actor and contains several artefacts written in the Russian language." Thousands of Minecraft users have already been tricked into using the malware, which is designed to steal from bank accounts, cryptocurrency wallets, browsers and other computer applications. Graeme Stewart, head of public sector at Check Point, said it was similar to the way "gangs operate to take down retail... they create this and then they flood it out to people and people then use it". He described them as "modern-day bank heist guys". "They're just in it for the money," he said. "They're scraping these details from Minecraft to get into people's crypto wallets, trying to steal bank details, trying to commit bank fraud." The hacking software is hidden within the code of Minecraft modifications, which are pieces of code that allow users to change the game. Minecraft allows users to modify the game as they play - players can do anything from fixing bugs to changing how the game looks. But when players download the malicious code and place it into their Minecraft application, they don't get the ability to create "funny maps" or modify the game as promised. Instead, the next time they load Minecraft, the malware will trigger, and soon, "it will start actively stealing data", according to Mr Stewart. "Most people have got their cards saved onto their browser and things like that, it'll start stealing that, names, addresses, emails, bank details, anything. "If anyone's got a crypto wallet that they use through the browser, then it'll steal that as well." "It's like a digital verruca, it buries itself into the machine and then starts sucking the information out," said Mr Stewart.
Of the 200 million people thought to play Minecraft every month, around one million modify the game, and a lot of the code they use to do that is posted on GitHub. According to Ofcom, around 1.7 million gamers play Minecraft in the UK. A Minecraft spokesperson told Sky News that player safety is a "top priority for us" and the company is "committed to investigating reported security violations". "When we receive reports of content that does not comply with our usage guidelines, we take action as appropriate," they said. "We encourage players to report any suspicious content through our official website and leverage our resources to make informed choices." Hackers are increasingly targeting gamers in this way, with the UK's National Cyber Security Centre warning families to stay alert to dangerous downloads like this. "There were some of us who thought it was only a matter of time before this particular vulnerability starts getting exposed en masse," said Dr Harjinder Lallie, a cyberattack academic at the University of Warwick. "That's where we're going now." Although children may fall prey to this kind of attack, the group Dr Lallie and his colleagues worry about more are "young adults who have admin [rights] on their own computer". "They're just a bit more savvy. They really want that mod; they want those extra features. And if it means [they] have to turn off the Microsoft Defender system for two minutes while [they] install it, then [they'll] turn it off, install that mod, and then turn it back on afterwards. By that time, the damage has been done," said Dr Lallie. The users mentioned in the report had already had their accounts disabled and GitHub told Sky News it is "committed to investigating reported security issues". "We disabled user accounts in accordance with GitHub's Acceptable Use Policies, which prohibit posting content that directly supports unlawful active attack or malware campaigns that are causing technical harms," said a spokesperson. 
The company also has teams dedicated to finding and removing malicious content as well as using AI and humans to monitor the site at scale, according to the spokesperson.


Tahawul Tech
9 hours ago
Cybercriminals gain access as 16 billion credentials exposed in historic data breach
The threat landscape continues to evolve, and the message from cybersecurity experts is clear: digital vigilance and routine cyber hygiene are now non-negotiable. The global cybersecurity community is sounding the alarm following what Cybernews has dubbed the largest data breach in history, revealing a staggering 16 billion login credentials scattered across 30 different databases. While some records are believed to overlap, researchers emphasise that much of the data stems from recent infostealer malware attacks, not just recycled incidents from the past. This latest revelation significantly raises the stakes in the ongoing battle against credential theft. Commenting on the report, Alexandra Fedosimova, Digital Footprint Analyst at Kaspersky, explains: '16 billion records is a figure nearly double the Earth's population, and it's hard to believe such a vast amount of information could be exposed. This 'leak' refers to a compilation of 30 user data breaches from various sources. These data sets ('logs') are primarily obtained by cybercriminals through infostealers — malicious applications that steal information — and such incidents occur daily. Cybernews researchers collected this data over six months from the start of the year. Their dataset likely contains duplicates due to the persistent issue of password reuse among users. Therefore, although it was noted that none of the databases they found had been previously reported, this doesn't mean these credentials hadn't previously leaked from other services or been collected by other infostealers.' Kaspersky telemetry further supports the scale of the threat, reporting a 21% global increase in password stealer detections from 2023 to 2024. Infostealer malware has emerged as one of the most pervasive cyber threats, compromising millions of devices and extracting credentials, cookies, and sensitive data — all of which are then aggregated and circulated on the dark web. 
Dmitry Galov, Head of Kaspersky's Global Research and Analysis Team (GReAT) for Russia and CIS, added: 'Cybernews research speaks of an aggregation of several data leaks over a long period – since the start of the year. This is a reflection of a thriving cybercrime economy that has industrialised credential theft. 'Credentials are harvested, enriched, and resold — often multiple times — via combo lists that are constantly updated and even made available on public platforms.' 'What's notable here is that the datasets were reportedly temporarily exposed via unsecured channels, making them accessible to anyone who stumbled upon them.' Anna Larkina, Web Content Analysis Expert at Kaspersky, advises users to take urgent action and said, 'This news is a good reminder to focus on digital hygiene. Regularly update your passwords, enable two-factor authentication, and use a reliable password manager, such as Kaspersky Password Manager, to store your credentials securely. If you suspect your accounts may have been compromised, contact support services immediately to regain access and limit further damage. Users should also stay alert to social engineering scams that exploit leaked data.' Adding to the expert views, Peter Mackenzie, Director of Incident Response and Readiness at Sophos, said, 'While you'd be right to be startled at the huge volume of data exposed in this leak, it's important to note there is no new threat here — this data will most likely already have been in circulation. These datasets are amalgamated from multiple breaches. What this tells us is the sheer depth of information now available to cybercriminals. It's a powerful reminder to everyone to take proactive steps — update passwords, use a password manager, and implement multifactor authentication. If concerned, check your email at to see if your data has been compromised.'


The Sun
10 hours ago
All 200 million Minecraft players risk having money stolen in seconds in 'undetected' attack – avoid common game mistake
MILLIONS of Minecraft players are at risk of having their sensitive information stolen in the recent "undetected" attack. All 200 million users could have their money stolen after research uncovered a "malicious" campaign. Check Point Research has revealed through its investigation that Minecraft users are being targeted through mods. The popular game allows players creative freedom via mods, which are additions to a game made by fans. Minecraft players can download mods to enhance their gaming experience but they have to be careful. When you install a new mod, you could be inviting a virus onto your computer. According to Check Point Research, a large-scale malicious campaign has been targeting mods to infect people's devices. The malware has been spread through the Minecraft modding system as well as GitHub. A network of GitHub accounts, dubbed Stargazers Ghost Network, has been impersonating popular cheats and scripts 'Oringo and Taunahi'. They provided mods which appeared legitimate as multiple accounts starred them. The first and second stages of the attack are developed in Java and can only be executed if the host computer has the Minecraft runtime. These files would then carry out a "multi-stage attack" to breach systems and steal victims' personal information. Since March 2025, Check Point Research has been attempting to monitor these "malicious GitHub repositories." The malware has gone undetected by all antivirus engines on VirusTotal as it is specifically targeted at Minecraft users. Their research listed all the information that may be stolen, including private conversations sent through Discord, cryptocurrency wallets, browser logins, and much more. Gamers have been warned to exercise caution when downloading third-party content. It comes after a colossal leak exposed as many as 16 billion logins for Apple, Facebook and Google users.
It's one of the largest in history, giving hackers "unprecedented access" to your personal info and online accounts, experts warn. Logins for Instagram, Microsoft, Netflix, PayPal, Roblox, Discord, Telegram, GitHub and various government services in more than 29 countries, including the UK and US, have also been affected.


The Verge
a day ago
Posted Jun 19, 2025 at 8:00 AM EDT
DuckDuckGo's scam blocker now covers fake ecommerce sites and more. The tool, which is built into DuckDuckGo's browser, displays a warning message when you click on potentially dangerous sites. In addition to blocking phishing sites, malware, and common online scams, DuckDuckGo has expanded the tool to protect against fake online stores, phony crypto exchanges, and those obnoxious sites that falsely claim your device has a virus.