Warning: Password Theft Epidemic Linked to Russian Groups Using Info-Stealing Malware
Security researchers have issued a stark warning about a growing password theft epidemic, revealing that Russian threat actors are using off-the-shelf info-stealing malware to devastating effect. Group-IB, a leading security vendor, conducted an analysis that uncovered 34 Telegram groups being used by these threat actors to coordinate their activities. In just the first seven months of 2022, over 890,000 user devices were infected, resulting in the theft of more than 50 million passwords.
Organized Efforts and Automated Scam Campaigns
Each of these Telegram groups reportedly has up to 200 active members, indicating a high level of organization among the threat actors. These groups are often involved in automated scam campaigns known as “Classiscam,” where lower-ranked workers are assigned tasks by administrators in exchange for a share of the profits. These workers drive traffic to scam websites posing as legitimate companies and attempt to deceive victims into downloading malicious files.
According to Group-IB, these malicious files are promoted through various channels, such as links embedded in popular game reviews on YouTube, in mining software or NFT files shared on specialized forums, and in fake lucky draws and lotteries on social media platforms.
Info-Stealing Malware and Data Theft
The info-stealing malware used by these threat actors is designed to extract sensitive information stored in web browsers and send it back to the malware operators. This stolen data can include credentials for gaming accounts, email services, and social media platforms, as well as financial information such as bank card details and crypto-wallet access.
Group-IB noted that the threat actors often deploy multiple malware variants simultaneously, with RedLine and Raccoon being the most commonly used. These malware tools can reportedly be rented on the dark web for as little as $150-200 per month.
Targets and Impact
PayPal and Amazon passwords accounted for the largest share of malicious activity in 2022, while gaming services such as Steam, Epic Games, and Roblox saw a significant increase in attacks. The number of stolen passwords rose by 80% compared to the previous year, with a notable increase in the theft of cookie files, crypto wallets, and payment card information.
Group-IB estimated that the value of the stolen data so far amounts to nearly $6 million. The Digital Risk Protection team at Group-IB emphasized the ease of entry into these scam operations for beginners, leading to fierce competition among criminals for resources and profits.
Conclusion
The rise of info-stealing malware and the proliferation of password theft schemes highlight the need for enhanced cybersecurity measures to protect sensitive data. As threat actors continue to evolve their tactics, individuals and organizations must remain vigilant and take proactive steps to safeguard their digital assets.
Stay informed and stay secure in the face of growing online threats.