Why Hack Sites When Google Will Do The Work For You?

By   ISBuzz Team
Writer, Information Security Buzz | Jan 20, 2022 09:03 am PST

SafeBreach researchers used Google’s own VirusTotal to find and retrieve more than 1,000,000 credentials exfiltrated by different types of malware, along with unencrypted cryptocurrency wallets. VirusTotal is a free service offered by Google that checks suspicious files using dozens of antivirus engines. With just a single VirusTotal license, the researchers gained access to the suspicious files and were able to use Google’s own tools to search for files containing the stolen credentials. Excerpts:

(Google VirusTotal) … provides extensive search capabilities for a licensed user, allowing them to query the VirusTotal dataset by a combination of dozens of queries: filetype, filename, submitted date and country and file content are just a few examples. … we developed the idea of “VirusTotal hacking,” based on the known method of “Google hacking.” With Google hacking, criminals use Google to search for vulnerable websites, IoTs, installed webshells, and sensitive data leaks. Because VirusTotal employs Google’s more advanced search APIs, we believed it had the potential to enable turbocharged Google hacking.

The results were huge. In just a few days, we were able to collect more than 1,000,000 credentials, exfiltrated by different types of malware and unencrypted cryptocurrency wallets. We also discovered a market that publishes a small amount of victims’ data for free as a teaser, with an additional site and Telegram channel that offers larger amounts of victims’ exfiltrated data for sale.

Nasser Fattah, Executive Advisor
January 20, 2022 5:04 pm

Cybercriminals typically enrich leaked and stolen credentials (the common user ID and password) with date-of-birth, phone numbers, security questions, including answers, and other relevant information that can be easily used for identity theft and account takeover – both with the intent to commit fraud. Note many of these leaked/stolen credentials stem from third-party breaches and rely on people reusing the same password to authenticate to multiple sites. Why bother with brute force attacks and cracking passwords when active, valid credentials can be bought in lots?
