Identity, Malware

Thousands of child abuse site users potentially exposed by infostealer logs

password to access personal user data, cybersecurity concept

Infostealer logs, or data exfiltrated by information-stealing malware, could be leveraged to reveal the identities of thousands of individuals using websites sharing child sexual abuse material over the darknet, reports The Record, a news site by cybersecurity firm Recorded Future.

While account logins on CSAM trafficking sites have been anonymized, such information has been linked by infostealer logs to accounts on Facebook and other clear web platforms, as well as browser autofill data, which enabled the identification of a user's full name, phone numbers, and address, according to a proof-of-concept report from Recorded Future.

"You get visibility into a lot of the login credentials, including their passwords to multiple websites, essentially all paths, all websites that they would have logged on to during that time, or that's saved on their keychain," said Recorded Future cybercrime researcher Hande Guven.

Data stolen by cybercriminals was also noted by Recorded Future Product Manager Dmitry Smilyanets to be beneficial in identifying other kinds of criminals.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.