Connect with us

Hi, what are you looking for?


Malware & Threats

Hacker Forum Credentials Found on 120,000 PCs Infected With Info-Stealer Malware

Hudson Rock security researchers have identified credentials for hacker forums on roughly 120,000 computers infected with information stealers.

Israeli threat intelligence company Hudson Rock has identified credentials associated with cybercrime forums on roughly 120,000 computers infected with information stealers.

The systems were discovered during the analysis of a database of more than 14.5 million machines infected with info-stealers, many of which belong to hackers, Hudson Rock says.

The various types of information that these malware families harvest from the infected systems, the researchers say, can be used to discover the real identities of the hackers.

Such data typically includes credentials for additional online accounts (including email addresses and usernames), auto-fill data (consisting of personal information such as names, addresses, and phone numbers), and system information.

Roughly a month ago, Hudson Rock outed a black hat hacker known as ‘La_Citrix’, who infected his own computer with an information stealer. The hacker had used the same computer to perpetrate intrusions at hundreds of companies.

Hudson Rock’s analysis of the computers infected with information stealers revealed that the cybercrime forum ‘’ has the highest number of compromised users, at more than 57,000. ‘’ and ‘’ round up the top three.

The analysis also showed that ‘’ is the cybercrime forum with the strongest user passwords, while Russian website ‘’ has some of the weakest passwords.

Advertisement. Scroll to continue reading.

However, the passwords that users of cybercrime forums employ are, overall, stronger than those used on government websites, Hudson Rock says. Compared to military websites, these forums have fewer ‘very weak’ passwords (passwords shorter than six characters with only one type of characters).

The top five countries with infected hackers were Tunisia (7.55% of total infections in the country), Malaysia (6%), Belgium (5.14%), Netherlands (4.8%), and Israel (4.43%).

Most of the infections were attributed to the Redline info-stealer. Numerous Raccoon and Azorult infections were observed as well.

“Info-stealer infections as a cybercrime trend surged by an incredible 6000% since 2018, positioning them as the primary initial attack vector used by threat actors to infiltrate organizations and execute cyberattacks, including ransomware, data breaches, account overtakes, and corporate espionage,” Hudson Rock notes.

Commenting on Hudson Rock’s findings, Tim West, head of threat intelligence at WithSecure, pointed out in an emailed comment that the large number of hackers infected with malware is likely the result of their lack of expertise.

“This is likely a symptom of the fact that now through an underground products and services economy as detailed here, many threat actors are now able to turn to cybercrime without great levels of expertise, or a full understanding of how malicious tools, that are proliferating wildly between such actors, work,” West said.  

“This is particularly true for budding cybercriminals who have not yet developed a full understanding or appreciation of operational security practice, or even have begun to fully operate in a criminal manner,” he added.

Related: ‘Sys01 Stealer’ Malware Targeting Government Employees

Related: New Information Stealer ‘Mystic Stealer’ Rising to Fame

Related: New ‘Atomic macOS Stealer’ Malware Offered for $1,000 Per Month

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.