Security News > 2024 > July > Infostealer malware logs used to identify child abuse website members
Thousands of pedophiles who download and share child sexual abuse material were identified through information-stealing malware logs leaked on the dark web, highlighting a new dimension of using stolen credentials in law enforcement investigations.
Previous analysis has shown that information-stealer logs can contain crucial business account data or credentials to accounts that can expose proprietary information.
This includes CSAM users who, without their knowledge, expose all of the credentials for their online banking, email, and other legitimate accounts, as well as the account credentials used for accessing CSAM sites that require registration.
Insikt analysts used infostealer logs captured between February 2021 and February 2024 to identify CSAM consumers by cross-referencing stolen credentials with twenty known CSAM domains.
As information-stealing malware steals all credentials saved in a browser, the researchers were able to link CSAM account holders to their legal online accounts, such as email, banking, online shopping, mobile carriers, and social media.
Insinkt's analysis highlights the potential of infostealer data in aiding law enforcement to track child abuse tracking and prosecute individuals.