34 Russian hacker groups stole 50 million user passwords
Group-IB security researchers have warned of an ongoing theft of passwords initiated by Russian-speaking hacker groups. According to the Singapore-based cyber security giant, thirty-four groups were discovered using off-the-shelf information stealers to target unsuspecting users. Here are more details about their findings.
Russian hackers steal passwords
The Internet security firm Group-IB states that the 34 Russian hacking groups distribute information-stealing malware and offer them as a stealer-as-a-service. The hackers mainly offer Redline and Racoon info stealers to steal passwords from Roblox and Steam game accounts.
The hackers also target users to steal PayPal and Amazon credentials, users’ payment records, and crypto wallet information. The attackers found their victims through Russian Telegram groups.
How does the attack work?
In their report shared with Hackread.com, Group-IB revealed that scammers use websites that pretend to be reputable companies, and victims are tricked into downloading malicious files. This is achieved by embedding malware download links in popular games’ video reviews on YouTube, sweepstakes and lotteries on social media platforms, and NFT file mining software on various forums.
When the info thief invades the device, it collects data from browsers and transmits it to the attacker. The stolen data may include gaming account credentials, social media, email services, crypto wallet information and bank card details.
How many devices have been infected?
Reportedly, in the first seven months of 2022, these groups managed to infect more than 890,000 user devices and stole over 50 million passwords. Researchers reviewed 34 Telegram groups the hackers used to launch their attacks and found that the targets are quite extensive as they have targeted users in 111 countries. But their main targets were countries including the following:
Each group has around 200 active members. So far, the stolen data includes 16% of PayPal and 13% of Amazon passwords, making these the most targeted platforms in this campaign. Apart from these, hackers have targeted EpicGames, Steam and Roblox.
Most groups are well organized. Primarily, they are involved in automated fraud-as-a-service attacks. Researchers noted that the perpetrators are low-level cyber criminals previously involved in phishing campaigns such as Classicscam.
Of the 34 groups, 23 use Redline and 8 use Raccoon and three use custom malware. They typically rent malware from the dark web for as little as $150 to $200 a month. According to Group-IB’s estimate, the stolen data could be worth around 6 million dollars.
“The popularity of schemes involving thieves can be explained by the low barrier to entry. Beginners do not need to have advanced technical knowledge as the process is fully automated and the worker’s only task is to create a file with a thief in the Telegram bot and drive traffic to it. However, for victims whose computers become infected with a thief, the consequences can be catastrophic, researchers concluded.
What is Scam-as-a-Service
Scam-as-a-service is a type of online scam that allows criminals to easily set up and manage their own scam. Using readily available tools and services, fraudsters can quickly launch phishing, social engineering and other types of attacks without having to invest in developing their own malicious software or infrastructure.
The rise of fraud-as-a-service has made it easier than ever for criminals to defraud individuals and businesses. While traditional fraud requires a significant investment of time and money to set up, fraud-as-a-service providers make it possible for even amateur criminals to launch sophisticated attacks.
Fraud-as-a-service is of particular concern because it enables criminals to carry out their activities with relative anonymity and without having to establish a physical presence.
- Fake Tor Browser Installer spreads malware via YouTube
- 2K Games Help Desk Platform Hacked to Spread Information Thieves
- QBot Malware that exploits the Windows calculator to hack devices
- Hackers Selling US College VPN Credentials on Russian Forums
- Ukraine prevents Russian Industroyer 2 Malware on energy supplier