While VirusTotal is a useful platform for checking malicious files, it can also be a security risk. At least, that’s what researchers have recently demonstrated by devising a “VirusTotal Hacking” attack. Using this strategy, the researchers were able to gather thousands of credentials.
VirusTotal Hacking Attack
Researchers from SafeBreach have recently shared how they could exploit the VirusTotal platform to steal data. As elaborated in their post, the researchers searched the platform for samples of different known malware families and extracted credentials from them, an approach they called “the perfect cybercrime”.
We called it the perfect cyber crime, not just due to the fact that there is no risk and the effort is very low, but also due to the inability of victims to protect themselves from this type of activity. After victims are hacked by the original hacker, most have little visibility into what sensitive information is uploaded and stored in VirusTotal and other forums.
Briefly, the researchers devised the “VirusTotal hacking” attack (modeled on “Google hacking”) using a VirusTotal license and some tools. As stated in their post,
Our goal was to identify the data a criminal could gather with a VirusTotal license, available for the small fee of €600.
Once they had access to the platform, the researchers searched for different malicious data stealers by filename. They could then access over 1,000,000 stolen credentials exfiltrated by malware such as RedLine Stealer, Azorult, Raccoon Stealer, and Hawkeye.
The researchers have shared the details of the data they could access via specific malware types in their post.
In all, with this attack, the researchers intended to highlight how cybercriminals could abuse platforms like VirusTotal for cyberattacks. Such attacks aren’t new: attackers already exploit Google to extract sensitive data via simple searches, a technique dubbed “Google hacking”.
After devising this attack, SafeBreach informed Google (the parent company behind VirusTotal) about the matter. They also advised law enforcement and hosting companies to track these tactics and take down the malicious C&C servers to prevent such scraping.
Last modified: January 25, 2022