the security company NordLocker detected a new malware that operated freely for two years without detection by data protection systems.

The trojan modality virus has not yet been named and acted between 2018 and 2020, disguised as fake attachments in e-mails and as an executable for photo editing software.

In all, more than 3.25 million computers would have been affected, with around 26 million accredited listed. Personal data includes login and password from social networks such as Facebook, Twitter and Instagram, as well as emails from Gmail and Outlook, among others.

The software that had the most credentials collected.
The software that had the most credentials collected.Source: NordLocker

Among the stolen files, 50% of the data is text documents — meaning potentially sensitive information and perhaps even password lists. Images, cookies and temporary browser data were also extracted.

When infecting a device, the malware even took a screenshot of the victim’s machine and was able to access the computers’ webcam. In the study, there are no details as to why data collection ended, but the threat has apparently stopped circulating.