File containing confidential data from 30,000 users

A version of Apophis, a tool used by cyber-crooks to handle information stolen from users infected by several variants of the Nuklus family of Trojans, stores data belonging to over 30,000 users from more than twenty countries. PandaLabs has been able to access a file with some of the stolen data. This file kept encrypted confidential data belonging to almost 1,500 people from the USA, Canada and the UK.

Surprisingly enough, this data contained, in addition to information about bank and email accounts, information such as the users’ postal address, phone number or their credit card expiry date. With this information, cyber-crooks not only can get the users’ money, but also impersonate them and use their identity to make purchases, bank transfers, etc., in their name.

“This is just an example of the dangers of current malware, and, above all, of the need for a good protection that prevents data entered by users in Web forms, banking sites, etc. from ending up in the hands of cyber-criminals”, explains Luis Corrons, Technical Director of PandaLabs.

Apophis offers criminals several options: they can know the geographical location of infected computers, how many of them are active at a certain time or search among stolen data.