More than 43 million users were put in a vulnerable position as their email addresses were leaked whereby Trik spam botnet exposed 43 million email addresses. Security analyst from Vertek Corporation detected this malware campaign and found a misconfigured server responsible for this data leak.
Trik Spam Botnet Server Leaked More Than 43 Million Email Addresses
While investigating the massive malware campaign involved in the distribution of Trik Trojan, Vertek researchers discovered how a ‘leaky’ Russian server kept over 43 million email addresses exposed.
According to the researchers, the Trojan Trik, together with GandCrab 3 ransomware, would download malicious files from a misconfigured server that was located on a Russian IP address. The group running this campaign deliberately misconfigured the server. Consequently, anyone directly accessing that IP could access the data present on that server.
The data containing the leaked email addresses contains 43,555,741 unique email addresses from various popular domains including Yahoo, Rediffmail, AOL, and MSN. However, very few Gmail addresses were there.
“We pulled all of them to validate that they are unique and legitimate. Out of 44,020,000 potential addresses, 43,555,741 are unique,” says Vertek researcher. “The email addresses are from everywhere. Everything from .gov to .com, and domain of several private businesses.”
What Is Trik? How Does It Work?
Trik Trojan is a malware downloader, which turns infected systems into botnets. These botnet computers then serve as a source to spread spam campaigns by the botnet operators. These operators also sell these “install spaces” to other criminals facilitating them to further attack Trik victims. Vertek researchers were investigating a similar campaign where Trik and GandCrab groups had joined together.
Though the leaky server was present on a Russian IP, the origin of botnet operators is yet unclear.
Right after the news surfaced online about this data leak, the server went offline.
Let us know your thoughts in the comments section below.