Warning: spear-phishing campaign targeting IS MU login credentials
The Cybersecurity Team of Masaryk University warns of an ongoing spear-phishing campaign aimed at stealing login credentials for the Masaryk University Information System.
Warning: infostealer, dozens of hacked accounts found on Telegram - are you among them?
Masaryk University's cybersecurity team warns of many compromised accounts whose login credentials have been leaked due to infostealers - malware that surreptitiously steals passwords and other sensitive data.
What's going on?
Infostealer is malware that steals passwords and other sensitive data from compromised devices. It spreads through infected email attachments, fake updates, fraudulent websites, or pirated games, programs, and movies. The extracted data is then uploaded in bulk and sold on hacker forums, including dedicated channels on Telegram. We found lists of compromised accounts there as well.
The passwords found come from databases of leaked logins stolen by infostealers. We actively monitor these leaks, search them for MU-related accounts (including primary and secondary passwords), and verify their validity.
How does Infostealer work?
Once infostealer infects a device, it collects and sends anything that may be useful to attackers:
- login credentials (passwords, cookies, authentication tokens),
- payment information (card numbers, bank logins),
- personal data (emails, phone numbers, addresses, documents).
In addition, it also monitors activity on the device (applications running, file list, time of use) and can obtain system information (operating system version, installed applications, network configuration). Among other things, it can also take screenshots or record videos of activity on the device.
What to do?
The best protection against infostealers is prevention. Protect your data by following these security measures:
- Be careful when clicking links - don't mindlessly open unknown/suspicious links.
- Use a password manager to help you create strong and unique passwords.
- Turn on multi-factor authentication (MFA) - you will significantly reduce the risk of account misuse, even if your password is leaked.
- Regularly update the software and operating system on your devices.
- Use antivirus (e.g., Windows Defender, ESET) and monitor for suspicious activity.
Do you suspect an infostealer and want to remove it? Follow our guide.
Conclusion
Don't underestimate the unusual behavior of your device. Suspicious emails, unexpected changes to settings, or unauthorized access usually indicate a problem. If you are hesitant about any of these, we recommend referring the device to your site's IT administrator. If it is a personal device, then have it assessed by a service professional. At the same time, report the incident immediately to the Masaryk University's cybersecurity team - the sooner the security team receives the information, the quicker they can respond and minimize any impact.
You can always find everything important about cybersecurity at Masaryk University at https://security.muni.cz/en.