NightHunter

Security researchers have discovered a phishing campaign that has run uninterrupted for five years and has allowed attackers to steal login credentials for Google, Yahoo, Facebook, Dropbox and Skype. The malware, known as NightHunter, dates back to 2009 and has infected the oil industry, educational institutions, hospitals, charities and many other organizations. Direct damages caused by NightHunter are still unknown; however, the malware has compiled an enormous database of stolen information and login credentials over the five-year period.

The NightHunter malware makes use of several different types of keyloggers to steal a user’s information. When a user attempts to log in to a website or a restricted file, the keylogger records the access information and sends it back to the database. The keyloggers are also able to clear a browser’s data, take screenshots and disable products. What makes NightHunter unusual and difficult to trace is that it uses the Simple Mail Transfer Protocol (SMTP) to send the information back to the source.

“Email to social networking is like snail-mail is to email, it is outdated and often overlooked, so it can be a more stealthy way of data theft,” Navaraj said.
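Because the keyloggers report back over SMTP, one defensive check is to look for workstations that speak SMTP directly to external servers instead of going through the organization's mail relay. The following is an added example, not part of the original article or of the NightHunter research; the flow-log format, the addresses and the approved relay list are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}
# Assumption: the only internal host allowed to send SMTP to the internet.
APPROVED_RELAYS = {ipaddress.ip_address("10.0.0.25")}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample flow records: "timestamp src dst dst_port bytes_out"
SAMPLE_FLOWS = """\
2014-07-10T09:00:01 10.0.0.25 203.0.113.10 25 48211
2014-07-10T09:00:07 10.0.4.17 198.51.100.7 587 1820
2014-07-10T09:05:07 10.0.4.17 198.51.100.7 587 1764
2014-07-10T09:06:30 10.0.4.17 10.0.0.25 25 5120
2014-07-10T09:10:07 10.0.4.17 198.51.100.7 587 90344
2014-07-10T09:11:00 10.0.9.3 192.0.2.80 443 7000
malformed line
"""

def find_direct_smtp(log_text):
    """Return {host: {"flows": n, "bytes": total, "dests": set}} for internal
    hosts that send SMTP straight to external servers, bypassing the relay."""
    hits = defaultdict(lambda: {"flows": 0, "bytes": 0, "dests": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        _, src, dst, port, nbytes = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port, nbytes = int(port), int(nbytes)
        except ValueError:
            continue  # unparsable address or number
        if port not in SMTP_PORTS:
            continue
        if src_ip not in INTERNAL_NET or src_ip in APPROVED_RELAYS:
            continue  # the sanctioned relay, or not one of our hosts
        if dst_ip in INTERNAL_NET:
            continue  # a client submitting mail to the internal relay is normal
        entry = hits[str(src_ip)]
        entry["flows"] += 1
        entry["bytes"] += nbytes
        entry["dests"].add(str(dst_ip))
    return dict(hits)

if __name__ == "__main__":
    for host, h in find_direct_smtp(SAMPLE_FLOWS).items():
        print(host, h["flows"], h["bytes"], sorted(h["dests"]))
```

A workstation that repeatedly reaches the same external mail server on its own, as 10.0.4.17 does in the sample, is worth investigating; blocking outbound SMTP from everything except the relay removes this channel entirely.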

The NightHunter malware is typically propagated through phishing emails with business-related subject lines. These emails contain common attachments such as .DOC, .ZIP and .RAR which install the malicious keyloggers when opened. So far, most of the infected emails seem to have been directed towards personnel in finance, sales or HR departments.

The most important thing to take away from malware such as NightHunter is how effective phishing scams still are at hooking victims. Despite years of telling users, it can’t be underscored enough: don’t open attachments from unknown senders, no matter how authentic and genuine the message might seem. Given how long it took to discover this scam, once compromised, your systems could be at risk for a very long time.

– Richard Keene
IT Computer Support of New York
Webmaster and Lead Designer