As many as 34 Russian-speaking gangs distributing information-stealing malware under the stealer-as-a-service model stole no fewer than 50 million passwords in the first seven months of 2022.
"The underground market value of stolen logs and compromised card details is estimated around $5.8 million," Singapore-headquartered Group-IB said in a report shared with The Hacker News.
Apart from looting passwords, the stealers also harvested 2.11 billion cookie files, 113,204 crypto wallets, and 103,150 payment cards.
A majority of the victims are located in the U.S., followed by Brazil, India, Germany, Indonesia, the Philippines, France, Turkey, Vietnam, and Italy. In total, 890,000 devices in 111 countries were infected during the timeframe.
Group-IB said the members of several scam groups who are propagating the information stealers previously participated in the Classiscam operation.
These groups, which are active on Telegram and have around 200 members on average, are hierarchical, consisting of administrators and workers (or traffers), the latter of whom are responsible for driving unsuspecting users to info-stealers like RedLine and Raccoon.
This is achieved by setting up bait websites that impersonate well-known companies and luring victims into downloading malicious files. Links to such websites are, in turn, embedded into YouTube video reviews for popular games and lotteries on social media, or shared directly with NFT artists.
"Administrators usually give workers both RedLine and Raccoon in exchange for a share of the stolen data or money," the company said. "Some groups use three stealers at the same time, whereas others have only one stealer in their arsenal."
Following a successful compromise, the cybercriminals peddle the stolen information on the dark web for monetary gain.
The development highlights the crucial role played by Telegram in facilitating a range of criminal activities, including functioning as a hub for announcing product updates, offering customer support, and exfiltrating data from compromised devices.
The findings also follow a new report from SEKOIA, which disclosed that seven different traffers teams have added an up-and-coming info stealer known as Aurora to their toolset.
"The popularity of schemes involving stealers can be explained by the low entry barrier," Group-IB explained. "Beginners do not need to have advanced technical knowledge as the process is fully automated and the worker's only task is to create a file with a stealer in the Telegram bot and drive traffic to it."