34 Russian hacker groups stole 50 million user passwords

by Arthur · November 23, 2022

Group-IB security researchers have warned of an ongoing theft of passwords initiated by Russian-speaking hacker groups. According to the Singapore-based cyber security giant, thirty-four groups were discovered using off-the-shelf information stealers to target unsuspecting users. Here are more details about their findings.

Table of Contents

Russian hackers steal passwords

The Internet security firm Group-IB states that the 34 Russian hacking groups distribute information-stealing malware and offer them as a stealer-as-a-service. The hackers mainly offer Redline and Racoon info stealers to steal passwords from Roblox and Steam game accounts.

The hackers also target users to steal PayPal and Amazon credentials, users’ payment records, and crypto wallet information. The attackers found their victims through Russian Telegram groups.

How does the attack work?

In their report shared with Hackread.com, Group-IB revealed that scammers use websites that pretend to be reputable companies, and victims are tricked into downloading malicious files. This is achieved by embedding malware download links in popular games’ video reviews on YouTube, sweepstakes and lotteries on social media platforms, and NFT file mining software on various forums.

When the info thief invades the device, it collects data from browsers and transmits it to the attacker. The stolen data may include gaming account credentials, social media, email services, crypto wallet information and bank card details.

How many devices have been infected?

Reportedly, in the first seven months of 2022, these groups managed to infect more than 890,000 user devices and stole over 50 million passwords. Researchers reviewed 34 Telegram groups the hackers used to launch their attacks and found that the targets are quite extensive as they have targeted users in 111 countries. But their main targets were countries including the following:

USA
India
Brazil
Germany
Indonesia

Each group has around 200 active members. So far, the stolen data includes 16% of PayPal and 13% of Amazon passwords, making these the most targeted platforms in this campaign. Apart from these, hackers have targeted EpicGames, Steam and Roblox.

Most groups are well organized. Primarily, they are involved in automated fraud-as-a-service attacks. Researchers noted that the perpetrators are low-level cyber criminals previously involved in phishing campaigns such as Classicscam.

Of the 34 groups, 23 use Redline and 8 use Raccoon and three use custom malware. They typically rent malware from the dark web for as little as $150 to $200 a month. According to Group-IB’s estimate, the stolen data could be worth around 6 million dollars.

“The popularity of schemes involving thieves can be explained by the low barrier to entry. Beginners do not need to have advanced technical knowledge as the process is fully automated and the worker’s only task is to create a file with a thief in the Telegram bot and drive traffic to it. However, for victims whose computers become infected with a thief, the consequences can be catastrophic, researchers concluded.

What is Scam-as-a-Service

Scam-as-a-service is a type of online scam that allows criminals to easily set up and manage their own scam. Using readily available tools and services, fraudsters can quickly launch phishing, social engineering and other types of attacks without having to invest in developing their own malicious software or infrastructure.

The rise of fraud-as-a-service has made it easier than ever for criminals to defraud individuals and businesses. While traditional fraud requires a significant investment of time and money to set up, fraud-as-a-service providers make it possible for even amateur criminals to launch sophisticated attacks.

Fraud-as-a-service is of particular concern because it enables criminals to carry out their activities with relative anonymity and without having to establish a physical presence.