Pirated Games Contribute to Malware Campaign that Compromised 3.2 Million PCs

The Trojan virus that infected millions of PCs and stole 1.2 terabytes of personal information was spread through pirated games, cracked versions of Adobe Photoshop, and other illegal software, security researchers at NordLocker have revealed. The hoard of stolen data included 1.1 million unique e-mail addresses and 26 million login credentials.

According to NordLocker, a group of hackers accidentally exposed the location of a database containing the stolen data, and once NordLocker obtained it, they worked with a third-party firm specializing in data breach investigations to assess the database's contents.

What they found was that custom malware strains infiltrated 3.2 million Windows PCs between 2018 and 2020. The database contained 2 billion cookies, of which over 400 million (22%) were still active.

The database also contained 6 million files extracted from the desktop and download folders of the compromised systems. Approximately 900,000 image files, over 600,000 Word files, and 3 million text files made up the bulk of the stolen content, but over 1,000 other files were also included. This is a huge amount of data, and to manage it all, the malware assigned unique device IDs to the data to facilitate sorting.

"Screenshots created by the malware show that it spread via illegal software (Adobe Photoshop), Windows cracking tools, and pirated games. Additionally, if the device had a webcam, the malware was taking pictures of the user," NordLocker stated.

This particular malware campaign has no name; according to NordLocker, such nameless (or custom) Trojans are sold on dark web forums and private chats, sometimes for less than $100.

"Their low visibility often helps these viruses go undetected and their creators go unpunished... It's a booming market where creators sell malware, teach buyers how to use it, and even show them how to profit from the stolen data," NordLocker says.

This is a bit of a self-serving report because NordLocker sells one of the best VPNs for gaming, as well as offering encrypted cloud backup.

Be that as it may, this did indeed happen and infected many PCs. Of course, it is always a good idea to avoid shady sites offering cracked downloads.

For this particular campaign, NordLocker reported an open database to US-CERT, stating that 1.1 million unique e-mail addresses were uploaded to Have I Been Pwned. This is because Have I Been Pwned has recently partnered with the FBI to provide more timely updates.
