Researchers have revealed that more than 100,000 hackers could be operating on compromised devices due to their involvement on cyber crime forums.
A study from Hudson Rock identified around 120,000 devices infected with malware that contained login credentials for cyber crime forums.
The firm said that many of the individuals operating with compromised machines may have inadvertently infected their devices with info-stealing malware, which led to their details being leaked.
Much of the information analyzed in the study was publicly available.
“Using Hudson Rock’s cyber crime intelligence database, which consists of over 14,500,000 computers infected by info-stealing malware, we analyzed 100 of the leading cyber crime forums,” the firm said.
“Researchers found that a staggering 120,000 infected computers, many of which belong to hackers, had credentials associated with cyber crime forums.”
Researchers said that hackers compromised through their involvement in cyber crime forums had a “substantial amount” of data exposed, which could point to their real-world identities.
Credentials found on infected devices included emails and usernames, as well as auto-fill data containing personal details such as names, addresses, and phone numbers.
System information, such as computer names and IP addresses, were also listed among the exposed information.
The “vast majority” of recorded info-stealer infections were attributed to RedLine, Raccoon, and Azorult, the study found.
Cyber crime forum leaks
A range of notorious cyber crime forums was analyzed in the study, with some offering a huge trove of leaked information on members.
The forum with the highest number of infected users was identified as ‘Nulled.to’, which accounted for more than 57,000 compromised users.
‘Cracked.io’ and ‘Hackforums.net’ were also found to have a high volume of compromised users operating on the sites.
This isn’t the first instance in which cyber criminals have inadvertently infected their own devices with malware, Hudson Rock revealed. Previous analysis from the firm found that, prior to its takedown, the popular RaidForums had more than 7,000 compromised users.
“It is not uncommon for hackers to accidentally get infected by info-stealers, just as employees of highly technical companies often do. For example, raidforums.com, a prominent cyber crime forum that was shut down by law enforcement has over 7,000 compromised users in Hudson Rock’s database, many of which are hackers.”
Research from the firm in July showcased a real-world example of this, detailing an incident in which a notable threat actor, dubbed ‘La_Citrix’, infected their own device.
The threat actor in question is known for selling access to company Citrix/VPN/RDP servers and leaking info-stealer logs from computer infections, the firm said.
This hacker was found to have been using their own personal computer in their activities, and their involvement in cyber crime forums had resulted in their information being exposed.
“Data from La_Citrix’s computer such as ‘Installed Software’ reveals the real identity of the hacker, his address, phone, and other incriminating evidence such as ‘qTox’, a prominent messenger used by ransomware groups, being installed on the computer.”