
GootKit actors leave open databases, exposing data they stole


The actors behind the information-stealing GootKit trojan apparently slipped up and left open two MongoDB databases last July, briefly exposing data that they had lifted from thousands upon thousands of infected victims.

Bob Diachenko, cyber threat intelligence director at Security Discovery, revealed in a company blog post yesterday that he spotted the open servers last July 5. By July 10, the actors seemed to become aware of the issue and made the data private.

Diachenko found 32 separate collections of data, including folders that contained, in plain text, victims' passwords, system configuration details, bank accounts, mail account logins and credit card details, plus information on the online shops they visited. Altogether, Security Discovery counted 1,444,375 email accounts, 2,196,840 passwords and configuration pairs, and 752,645 usernames.

All of the infected machines listed in the databases were based in Europe, the region that GootKit has historically targeted. Users in Poland, France, the U.K., Italy and Bulgaria were most often affected.

ZDNet, which first reported on the data leak and was granted access to the exposed dataset, reported yesterday that the two servers had been collecting data from three GootKit sub-botnets and 38,653 infected hosts. The news outlet also reported that the two servers contained configuration files that were sent to infected hosts and contained links to additional GootKit modules designed to enhance the malware's features.

Originally debuted as a classic banking trojan in 2014, GootKit has evolved over time to become an adept information stealer, grabbing such data as

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
