VirusTotal is the best-known online multi-engine scanning service. It is free and very useful for checking whether a URL or file is dangerous, carries malware or is part of a phishing campaign, for example. However, a group of security researchers has now shown that the same platform can be used, without breaching it, to retrieve a large number of login credentials that had already been stolen from victims. And that is a major problem.
Stolen credentials exposed through VirusTotal
The finding comes from the security firm SafeBreach. Its researchers found a method for collecting huge amounts of stolen login credentials simply by searching VirusTotal. In total they were able to reach around a million credentials that had previously been harvested from victims.
These credentials had been collected by credential-stealing malware, and the files also contained unencrypted cryptocurrency wallets. To carry out the research, the team used nothing more than a paid VirusTotal license and the platform's own tools. The goal was to find out what a criminal with the same license could discover.
The approach was modelled on Google hacking, where carefully crafted search queries surface vulnerable websites, exposed IoT devices and leaked data. In their report, the researchers describe how info-stealers harvest credentials from browsers and other applications on the infected machine and write them to a file with a predictable name, for example all_credentials.txt.
That file is then exfiltrated to an attacker-controlled server. Whenever such a file ends up on VirusTotal, whether uploaded by a victim, by an automated sandbox or by a security team analysing an infection, it becomes searchable, and the researchers used several VirusTotal tools to locate files containing stolen data. They describe the technique as very simple.
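The practical lesson of the technique described above is that stealer output files should never be submitted to a shared repository such as VirusTotal. The following is an added example, not code from the SafeBreach report or from VirusTotal: a small pre-submission triage script that flags files which look like stealer logs before an analyst uploads them. The file names, the "URL / Username / Password" record layout and the email:password combo-list format are assumptions modelled on the dumps the article describes, and the sample inputs are constructed for the demonstration.

```python
"""Heuristic pre-submission check for stealer-log-like files.

Added example, not part of the SafeBreach report or VirusTotal's tooling.
Names and record layouts are assumptions modelled on the credential dumps
described in the article; tune them to the stealer families you handle.
"""
import re
from dataclasses import dataclass, field

# Output file names the article and similar stealer families use (assumption).
SUSPECT_NAMES = {"all_credentials.txt", "passwords.txt", "credentials.txt", "logins.txt"}

# Three-line records such as "URL: ... / Username: ... / Password: ..." (assumed layout).
KV_RECORD = re.compile(
    r"^(?:url|host|link)\s*[:=]\s*\S+\s*\n"
    r"(?:user(?:name)?|login)\s*[:=]\s*\S+\s*\n"
    r"pass(?:word)?\s*[:=]\s*\S+",
    re.IGNORECASE | re.MULTILINE,
)
# One-line "user@example.com:Secret1" combo-list entries.
COMBO_LINE = re.compile(r"^[\w.+-]+@[\w-]+\.[\w.-]+:\S{4,}$", re.MULTILINE)


@dataclass
class Verdict:
    name: str
    suspicious: bool
    credential_count: int = 0
    reasons: list = field(default_factory=list)


def assess(name: str, data: bytes, threshold: int = 3) -> Verdict:
    """Score one file. A suspicious file name lowers the bar to a single record."""
    text = data.decode("utf-8", errors="replace")
    kv_hits = len(KV_RECORD.findall(text))
    combo_hits = len(COMBO_LINE.findall(text))
    total = kv_hits + combo_hits
    name_hit = name.lower() in SUSPECT_NAMES

    reasons = []
    if name_hit:
        reasons.append(f"file name {name!r} matches known stealer output")
    if kv_hits:
        reasons.append(f"{kv_hits} url/user/password records")
    if combo_hits:
        reasons.append(f"{combo_hits} email:password combo lines")

    suspicious = total >= threshold or (name_hit and total >= 1)
    return Verdict(name, suspicious, total, reasons)


def triage(files):
    """Return the verdicts for every file that should NOT be uploaded."""
    return [v for v in (assess(n, d) for n, d in files) if v.suspicious]


# Constructed sample inputs: two credential dumps and one harmless note.
SAMPLES = [
    ("all_credentials.txt",
     b"URL: https://mail.example.com/login\nUsername: alice\nPassword: Winter2021!\n\n"
     b"URL: https://shop.example.org\nUsername: alice@example.com\nPassword: hunter2\n"),
    ("combo.txt",
     b"bob@example.net:P@ssw0rd\ncarol@example.com:letmein99\ndave@example.org:qwerty1234\n"),
    ("README.txt",
     b"Sample submitted from sandbox run 42.\nSee notes.md for details.\n"),
]

if __name__ == "__main__":
    for verdict in triage(SAMPLES):
        print(f"DO NOT UPLOAD {verdict.name}: " + "; ".join(verdict.reasons))
```

Run it over the members of an archive before pressing "upload": the two constructed dumps are flagged, the README is not. The check is deliberately conservative (a matching file name plus a single credential record is enough), because a false positive costs an analyst a second look while a false negative publishes a victim's passwords to every Intelligence subscriber.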
Known malware
The researchers focused on the output of well-known stealer families such as Azorult, RedLine Stealer and Raccoon Stealer. They also used underground forums to learn what sensitive data was circulating and then checked whether it was readily available to anyone through VirusTotal.
By combining knowledge of how these malware families name and structure their output with VirusTotal's own search tools, they reached files holding data from hundreds of victims, including thousands of passwords.
Why does Google play a role here? VirusTotal belongs to Chronicle Security, which in turn is a subsidiary of Google. The researchers behind the report alerted Google, but at the time of writing Google had not removed the data and files in question.
This means that all of that content is still available for a criminal to access and use fraudulently. As we have seen, the techniques are not complex and are within reach of anyone who holds a VirusTotal license and the right set of tools.
In short, a group of security researchers has shown that VirusTotal, the largest online multi-engine scanning service, can be used to extract a large amount of stolen data and credentials. It remains to be seen whether Google takes action to stop this material being available to anyone. It is also a reminder that an antivirus alone does not keep us safe on the Internet.