
According to experts at Panda Security the details ended up on the file, which is hosted on a remote web server, after thousands of users inputted their details on to unsecured websites. The security researchers now believe those people are at risk of becoming victims of identity fraud.
“This is another example of the need for good security measures that prevents data ending up in the hands of cybercriminals”, says Luis Corrons, technical director of PandaLabs. “We are coming across more and more tools like this, which confirms there is a black market for developing and selling them.”
Fraudsters also use the Apophis device to track the location of infected computers, determine how many are active and to search for stolen data.