Infostealer logs, or data exfiltrated by information-stealing malware, could be leveraged to reveal the identities of thousands of individuals using websites sharing child sexual abuse material over the darknet, reports The Record, a news site by cybersecurity firm Recorded Future.
While account logins on CSAM trafficking sites have been anonymized, such information has been linked by infostealer logs to accounts on Facebook and other clear web platforms, as well as browser autofill data, which enabled the identification of a user's full name, phone numbers, and address, according to a proof-of-concept report from Recorded Future.
"You get visibility into a lot of the login credentials, including their passwords to multiple websites, essentially all paths, all websites that they would have logged on to during that time, or that's saved on their keychain," said Recorded Future cybercrime researcher Hande Guven.
Data stolen by cybercriminals was also noted by Recorded Future Product Manager Dmitry Smilyanets to be beneficial in identifying other kinds of criminals.
