A detailed analysis of nearly 20 million malware logs available on the dark web and Telegram has highlighted a significant penetration of information-stealing malware into business settings. Information-stealing malware extracts data from applications such as web browsers and email clients, and the stolen information is then sold in cybercrime markets. Key malware families include Redline, Raccoon, Titan, Aurora, and Vidar. While they mainly target individual internet users, businesses have become increasingly vulnerable because employees blend personal and professional device usage. Notably, cybersecurity firm Flare’s report revealed around 375,000 logs containing access to major business applications, including Salesforce, AWS, and DocuSign, with a large percentage of these logs found on Telegram channels and Russian-speaking marketplaces.
Additionally, Flare discovered over 200,000 logs with OpenAI credentials, indicating a potential risk of leaking sensitive business data. Corporate credentials are highly sought after in cybercrime circles, given the potential profits from exploiting them. Flare’s research suggested that these logs serve as primary sources for initial access brokers seeking entry into corporate environments, with the intention of further selling this access on dark web platforms. To safeguard against such threats, businesses are advised to implement password managers, mandate multi-factor authentication, regulate personal device usage, and provide employee training to recognize and avoid malware sources like malicious ads and social media posts.