According to Deep Instinct security researchers, TrickBooster — a variant of the TrickBot malware that's been around since 2016 — has already compromised accounts associated with prominent government organisations, national security agencies, leading universities, more than 150 F500 companies as well as private users.
TrickBooster's significance was realised when Deep Instinct researchers uncovered a database containing 250 million e-mail accounts harvested by TrickBot and TrickBooster operators, which were also used as lists of targets for malicious delivery and infection.
That 250 million includes 26 million Gmail accounts, 26 million Yahoo! accounts, 11 million Hotmail accounts, 3.5 million MSN accounts, and 2 million Yahoo! UK accounts.
"The size, scale and sophistication of this cyberattack is one of the most advanced ever seen," said Deep Instinct chief executive and co-founder Guy Caspi.
"This malware actively avoids detection as it spreads and harvests enormous amounts of data. And while our investigations have uncovered that the attack has collected and targeted more than 250 million email accounts, it's clear from our analysis in the last 72 hours that this is just the tip of the iceberg.
"We are currently notifying key government and law-enforcement authorities globally to help minimise further damage."
According to Deep Instinct, one reason why TrickBooster was able to spread so widely before being detected is that its infecting executable does a particularly thorough job of cleaning up after itself.