Gangs targeting Amazon, PayPal, Steam and other accounts have stolen over 50 million passwords during the first half of 2022 alone, along with bank account details, cryptocurrency wallet data and other sensitive information from victims.
Detailed by cybersecurity researchers at security company Group-IB, the password-stealing campaign is attributed to 34 different Russian-speaking cyber criminal groups involved in distributing malware-as-a-service schemes.
People have fallen victim to the attacks across the world, with the US, Brazil, India, Germany, and Indonesia most commonly targeted.
By using information-stealing malware including Raccoon and Redline stealers, cyber criminals have collectively infected over 890,000 users and stolen over 50 million passwords – as well as stealing details of over 103,000 bank cards and data which could be used to steal from over 113,000 crypto wallets, according to the security company.
The stolen passwords and compromised card details are thought to be worth a total of around $5.8 million on underground forums.
Analysis of cyber criminal activity suggests that the campaigns are organized in Telegram channels – researchers identified 34 active chat groups based around stealing passwords, with around 200 members in each.
The task of ‘workers’, the lower-ranking scammers, is to drive traffic to scam websites impersonating well-known companies and convince victims to download malicious files. Cyber criminals embed links for downloading stealers into video reviews of popular games, into mining software, or into ‘lotteries’ on social media.
The most commonly stolen passwords are for PayPal accounts, followed by Amazon, Steam, Roblox and Epic Games accounts.
The malware-as-a-service model allows low-level crooks to access malware which they then use to infect victims. These attackers either pay an upfront fee for using the malware, or provide the author with a cut of the profits from their attacks.
“The popularity of schemes involving stealers can be explained by the low entry barrier. Beginners do not need to have advanced technical knowledge as the process is fully automated,” said a blog post by Group-IB’s Digital Risk Protection team.
Raccoon stealer is the most used malware in these attacks targeting passwords. The malware isn’t that sophisticated, but it’s been successful for years and is commonly distributed by abusing botnets to send out phishing emails.
Redline stealer is also popular among password-stealing attackers because it is cheap for would-be criminals to acquire, easy to use, and has been available since 2020. Redline is commonly distributed using phishing emails with malicious attachments designed to exploit unpatched vulnerabilities in applications.
According to Group-IB, other methods the cyber criminals use to deliver malware to victims include distributing it within software downloads on file-sharing sites, as well as taking control of social media accounts and sharing a malicious link with their followers.
No matter what malware is being used or how it’s delivered, if a victim becomes infected, it can provide cyber criminals with access to their passwords, bank details, cryptocurrency wallets and more.
Stealing bank details or cryptocurrency will be costly for the victims, who could find that their accounts have been drained or used to make fraudulent purchases.
Meanwhile, stealing passwords can provide cyber criminals with a range of sensitive information which they can exploit for fraud themselves, or sell on underground forums. There’s also the possibility that if the same password is used across multiple accounts, cyber criminals will be able to access them too.
“For victims whose computers become infected with a stealer, the consequences can be disastrous,” Group-IB researchers warned.
To avoid falling victim to this password-stealing malware campaign and other cyber attacks, researchers recommend that users avoid downloading software from suspicious or unknown sources, avoid saving passwords in their browser and regularly clear their cookies.
Other steps which users can take to avoid unauthorized access to accounts include using multi-factor authentication, so in the event a password is stolen, it’s much harder for a cyber criminal to use the account.
Users should also avoid using the same password across multiple accounts, especially if it’s a commonly used or weak password.