Security researchers have warned of a password-theft epidemic after revealing that Russian groups are using off-the-shelf info-stealing malware to create havoc
The analysis revealed 34 Telegram groups used by threat actors to organize their efforts, and that they had infected over 890,000 user devices and stolen over 50 million passwords in the first seven months of 2022 alone. A group has as many as 200 active members, most of whom are organized.
Administrators direct low-level workers, and those workers in turn drive traffic to scam websites masquerading as well-known companies and try to trick victims into downloading malicious files. They do this by embedding links for downloading info-stealers into video reviews of popular games on YouTube, into mining software or NFT files on specialized forums, and into lucky draws and lotteries on social media.
The threat actors used two or three distinct malware variants concurrently. The most popular were RedLine, used by 23 of the 34 gangs, and Raccoon, used by eight. These can apparently be rented on the dark web for as little as $150-200 per month.
So far in 2022, PayPal (16%) and Amazon (13%) passwords account for the biggest share of malicious activity, although attacks targeting gaming services like Steam, Epic Games, and Roblox have increased almost five-fold.
The number of stolen passwords increased by 80% from December 2021 to January–July 2022. The groups also go after cookie files (up 74%), crypto wallets (up 216%) and payment cards (up 81%), and the value of the stolen data to date is nearly $6m.
This research was documented by researchers from Group-IB.