- Nordvpn’s investigation reveals 94 billion stolen cookies in the dark network
- Only a small percentage of these is still active
- These cookies represent a serious risk for customers.
A new Nordvpn research has revealed cookies, the small information files generated by web servers and sent to web browsers, are filtering and exploiting on the dark website in large numbers.
The findings estimate that there are around 94 billion cookies that circulate in the dark network, with almost 42 billion of them originated from Redline, a notorious infant infants malware, although only 6.2% of them were still active, which means they have a relatively short useful life.
In fact, most were inactive, with only 7.2% of the 10.5 billion cookies identified from Vidar that are shown as valid, along with 6.5% of Lummac2, a new infants of infants infants, which has collected a total of 8.8 billion stolen cookies. However, there is an atypical case, with Cryptbot that demonstrates, with much, the most effective malware since 83.4% of the 1.4 billion stolen cookies are still active.
What is inside?
This is not the first time that NordvPN warns that they are abusing cookies, with millions of stolen internet browser cookies of the United Kingdom consumers leaked on the dark website in 2024, although the total of 2024 was 54 billion, which describes an increase year after year.
These data set cookies contained a variety of different types of information, with the most common keywords that are “ID” (18 billion), together with “session” (1.2 billion), “auth” (292 million) and “log in” (61 million), this is particularly worrying, since it suggests that “Live sesions hijack without a password” could be used. Researchers warn;
“The cookies may sound sweet, but sometimes they can leave a bad taste. The truth is that, even the most important cookies can cause a lot of damage to you or your business. Once a door is open, it is not so difficult to open others.
However, that’s not all. These cookies could allow attackers to take care of social networks accounts, avoid two factors, launch social engineering attacks or even access confidential financial information.
