Sunday, July 21, 2024

Over 50 Million Passwords Stolen by 30+ Russian Cybercrime Groups Using Stealer Malware

In the first seven months of 2022, up to 34 Russian-speaking gangs using the stealer-as-a-service business model to distribute information-stealing software stole no less than 50 million credentials.

The Singapore-based Group-IB reported that the “underground market value of stolen logs and compromised card data is estimated to be over $5.8 million.”

The thieves not only stole passwords but also 2.11 billion cookie data, 113,204 crypto wallets, and 103,150 credit and debit cards.

The United States is the country with the highest concentration of victims, followed by Brazil, India, Germany, Indonesia, the Philippines, France, Turkey, Vietnam, and Italy. During that time, 890,000 devices across 111 nations were affected.

According to Group-IB, some scam groups’ members who are spreading information thieves previously took part in the Classiscam operation.

These hierarchical groups, which are active on Telegram and often have 200 members, are made up of administrators and workers (also known as traffers), the latter of whom are in charge of leading gullible individuals to info-stealers like RedLine and Raccoon.

This is done by creating bait websites that pose as well-known businesses in order to trick people into downloading dangerous files. Links to these websites are then shared directly with NFT artists or included in YouTube video critiques of well-known games and lotteries on social media.

“Administrators usually give workers both RedLine and Racoon in exchange for a share of the stolen data or money,” the company said. “Some groups use three stealers at the same time, while others have only one stealer in their arsenal.”

Recommended:  An Essential Guide to Understanding, Reporting, and Combatting Digital Threats

After a successful compromise, cybercriminals sell the stolen data on the dark web in order to profit.

The finding underlines Telegram’s pivotal role in facilitating a variety of illegal actions, including serving as a focal point for providing customer service, publicising product updates, and stealing data from hacked devices.

The discoveries come in the wake of a fresh SEKOIA study that exposed the addition of an emerging information stealer by the name of Aurora to the toolkits of seven separate traffers teams.

“The popularity of schemes involving stealers can be explained by the low entry barrier,” Group-IB explained. “Beginners do not need to have advanced technical knowledge as the process is fully automated and the worker’s only task is to create a file with a stealer in the Telegram bot and drive traffic to it.”

Suggest an edit to this article

Cybersecurity Knowledge Base

Latest InfoSec News

Cybersecurity Academy


Why not join our InfoSec News & Awareness group on Facebook? get involved, and spread cyber awareness as we know it!

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Recommended:  CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates