Group-IB security researchers have warned about an ongoing password-stealing spree initiated by Russian-speaking hacking groups. According to the Singapore-based cybersecurity giant, thirty-four groups were detected using off-the-shelf info stealers to target unsuspecting users. Here are more details of their findings.
Russian Hackers Stealing Passwords
Cybersecurity firm Group-IB states that the 34 Russian-speaking hacking groups distribute information-stealing malware under a stealer-as-a-service model. The groups mainly deploy the Redline and Raccoon info stealers, with passwords for Roblox and Steam gaming accounts among the most common targets.
The stealers also harvest PayPal and Amazon credentials, users’ payment records, and crypto wallet data. The attackers organize their operations through Russian-language Telegram groups.
How Does the Attack Work?
In its report, shared with Hackread.com, Group-IB revealed that the scammers use websites impersonating reputable companies and trick victims into downloading malicious files. The download links are seeded in video reviews of popular games on YouTube, in lucky draws and lotteries on social media platforms, and in supposed NFT mining software posted on various forums.
Once the info stealer is running on the device, it collects data saved in browsers and transmits it to the attacker. The stolen data can include gaming account credentials, social media and email logins, crypto-wallet information, and bank card details.
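The browser-harvesting step described above leaves a recognizable trace on the endpoint: a process that is not a browser reads the files where browsers keep saved logins, cookies and autofill data (Chromium-family profiles use `Login Data`, `Cookies` and `Web Data`; Firefox uses `logins.json` and `key4.db`). The following detection logic is an added example written for this article, not code from Group-IB, Hackread or any of the stealer families named; the file-access events and the `proc`/`pid`/`path` field names are constructed to resemble EDR telemetry and are assumptions, as is the browser allow-list, which must match the browsers deployed in a given environment.

```python
"""Flag non-browser processes that read browser credential stores.

Added example for this article, not code from Group-IB or Hackread.
The event records below are constructed to look like EDR file-access
telemetry; the field names (proc, pid, path) are assumptions.
"""
import re
from dataclasses import dataclass

# Chromium-family profiles keep saved logins in "Login Data", cookies in
# "Cookies" and autofill/card data in "Web Data"; Firefox keeps logins in
# logins.json with the encryption key material in key4.db.
CREDENTIAL_STORE_PATTERNS = [
    re.compile(r"[\\/]Login Data$", re.IGNORECASE),
    re.compile(r"[\\/]Cookies$", re.IGNORECASE),
    re.compile(r"[\\/]Web Data$", re.IGNORECASE),
    re.compile(r"[\\/]logins\.json$", re.IGNORECASE),
    re.compile(r"[\\/]key4\.db$", re.IGNORECASE),
]

# Processes expected to touch those files (assumption: tune to the browsers
# actually installed in the environment being monitored).
ALLOWED_READERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "firefox.exe"}


@dataclass
class FileAccessEvent:
    proc: str   # image name of the process performing the read
    pid: int
    path: str   # file being read


def is_credential_store(path: str) -> bool:
    """True when the path ends in one of the known browser secret stores."""
    return any(p.search(path) for p in CREDENTIAL_STORE_PATTERNS)


def suspicious_reads(events):
    """Return (proc, pid, path) for each credential-store read by a non-browser process."""
    hits = []
    for e in events:
        if is_credential_store(e.path) and e.proc.lower() not in ALLOWED_READERS:
            hits.append((e.proc, e.pid, e.path))
    return hits


def summarize(events):
    """Group suspicious reads by (proc, pid).

    One process touching several stores in a burst (logins, cookies,
    autofill, across more than one browser) is the typical stealer pattern,
    so grouping makes the alert far more specific than a single file hit.
    """
    by_proc = {}
    for proc, pid, path in suspicious_reads(events):
        by_proc.setdefault((proc, pid), []).append(path)
    return by_proc


# Constructed sample telemetry: a legitimate Chrome session, an unrelated
# Explorer read, and an unknown binary sweeping both Chrome and Firefox stores.
SAMPLE_EVENTS = [
    FileAccessEvent("chrome.exe", 4120, r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    FileAccessEvent("chrome.exe", 4120, r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies"),
    FileAccessEvent("explorer.exe", 1024, r"C:\Users\alice\Downloads\setup.zip"),
    FileAccessEvent("game_cheat.exe", 7788, r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    FileAccessEvent("game_cheat.exe", 7788, r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies"),
    FileAccessEvent("game_cheat.exe", 7788, r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json"),
    FileAccessEvent("game_cheat.exe", 7788, r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\key4.db"),
]

if __name__ == "__main__":
    for (proc, pid), paths in summarize(SAMPLE_EVENTS).items():
        print(f"ALERT {proc} (pid {pid}) read {len(paths)} browser credential stores:")
        for p in paths:
            print("   ", p)
```

Run against the constructed events, only `game_cheat.exe` is reported, with four store reads spanning two browsers. On a real endpoint the same logic is best expressed as an EDR or Sysmon-style rule on file-read events; stealers frequently copy `Login Data` before opening it because the browser holds a lock, so the copy operation itself is another read of the same path and is caught by the same check.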
How Many Devices Have Been Infected?
Reportedly, in the first seven months of 2022 these groups infected more than 890,000 user devices and stole over 50 million passwords. Researchers reviewed the 34 Telegram groups the hackers used to run their operations and found that targeting is broad: victims were recorded in 111 countries. The countries hit hardest included the following:
Each group has around 200 active members. PayPal logins account for 16% of the stolen passwords and Amazon logins for 13%, making these the most targeted platforms in the campaign. The groups also target Epic Games, Steam, and Roblox accounts.
Most of the groups are well organized and are primarily engaged in automated scam-as-a-service operations. Researchers noted that the perpetrators are low-level cybercriminals previously involved in phishing schemes such as Classiscam.
Of the 34 groups, 23 use Redline, 8 use Raccoon, and 3 use custom-made malware. The stealers are typically rented on dark web forums for as little as $150 to $200 a month. Group-IB estimates the stolen data could be worth around $6 million.
“The popularity of schemes involving stealers can be explained by the low entry barrier. Beginners do not need to have advanced technical knowledge as the process is fully automated and the worker’s only task is to create a file with a stealer in the Telegram bot and drive traffic to it. For victims whose computers become infected with a stealer, however, the consequences can be disastrous,” researchers concluded.
What is Scam-as-a-service?
Scam-as-a-service is a type of online fraud that allows criminals to easily set up and manage their own scams. By using readily available tools and services, scammers can quickly launch phishing, social engineering, and other types of attacks without having to invest in the development of their own malicious software or infrastructure.
The rise of scam-as-a-service has made it easier than ever for criminals to defraud individuals and businesses. While traditional scams require a significant investment of time and money to set up, scam-as-a-service providers make it possible for even amateur criminals to launch sophisticated attacks.
Scam-as-a-service is particularly concerning because it enables criminals to conduct their activities with relative anonymity and without having to establish a physical presence.