Over 55,500 password stealers detected in the Philippines, says cybersecurity firm

May 25, 2021 - 8:06 PM

More than 55,500 password stealers were found in the Philippines in the first quarter of 2021, according to a cybersecurity firm.

Kaspersky defined password stealers as “a type of malware that steals account information.”

“In essence, it is similar to a banking Trojan, but instead of intercepting or substituting entered data, it usually steals information already stored on the computer: usernames and passwords saved in the browser, cookies, and other files that happen to be on the hard drive of the infected device,” it said.

In its new research released on May 24, the firm recorded a total of 55,597 password stealers in the Philippines during the first three months of the year, which was a 25% increase from the same period in 2020.

Overall, the cybersecurity firm successfully blocked a total of 776,684 Trojans designed to steal accounts in Southeast Asia. That figure was 155,942 higher than last year, which recorded only a total of 620,742 Trojans.

Here is a comparison of the number of Trojan password stealers detected in 2020 and 2021:

Data from Kaspersky

An official from the firm cited the massive digital shift of Southeast Asian users as the main reason for the increase in cybercriminals seeking to take advantage of this move.

“It is known that Southeast Asia homes the most active social media users in the world. At the same time, the region is witnessing a massive digital shift at a breakneck speed. We are now 400-million-strong online consumers, a number predicted to happen not until 2025,” said Yeo Siang Tiong, the firm’s general manager for Southeast Asia.

“Hence, it is expected that cybercriminals would be very interested to take over our virtual accounts brimming with financial and confidential data,” he added.

In relation to this, in separate data it released, Kaspersky also detected groups of cybercriminals called “Ransomware 2.0” in Asia Pacific.

The firm defined these as groups “who moved from hostaging data to exfiltrating data, coupled with blackmailing.”

“The aftermaths of a successful attack include significant monetary loss and damaging reputation loss,” Kaspersky said.

Two highly active groups were found, REvil and JSWorm, both of which resurfaced amid the coronavirus pandemic.

The activities of REvil, which is also known as Sodinokibi and Sodin, peaked in August 2019 with 289 potential victims.

In July 2020, their activities increased by an alarming 1,893% in the span of a month. Kaspersky managed to protect 877 users from this threat.

Similar to Trojan, JSWorm, meanwhile, also became active in 2019 in different parts of the globe.

The number of potential victims of this threat was slightly lower compared to 27 users almost infected with this type of threat in 2019. The cybersecurity firm has blocked attempts against 230 users worldwide.

Another official from Kaspersky warned that there seemed to be no signs that these activities would cease in the future.

“Both resurfaced as the pandemic rages in the region last year and we see no signs of them stopping anytime soon,” said Alexey Shulmin, Lead Malware Analyst at Kaspersky.