Earlier this month, analysts from Cluster25 discovered a new Erbium infostealer and, as their colleagues from Cyfirma now report, the malware is distributed under the guise of cracks and cheats for popular games and steals credentials and information about cryptocurrency wallets from victims.
Let me remind you that we also talked about the fact that プリント・スティーラー マルウェアにはバックドアが含まれており、ハッカーからデータを盗みます, そしてそれも 普通でない YTSティーラー YouTuberを狙うマルウェア.
エルビウム is a new MaaS (Malware-as-a-Service) focused on information theft. 専門家によると, the malware is already gaining popularity in the hacker community due to its very extensive functionality, customer support and competitive prices.
Erbium has been advertised mainly on Russian-speaking hack forums since July 2022, and there is still very little information about its actual use by attackers. At the start, the malware cost only $9 per week, but as its popularity grew, the price increased, and by the end of August it was already $100 per month, また $1,000 for an annual license. したがって, now Erbium is about a third cheaper than the popular レッドライン infostealer.
Like other data-stealing malware, Erbium is able to steal information stored in victims’ browsers (based on Chromium or Gecko), including passwords, クッキー, bank card data and autofill. The malware is also capable of extracting data about various cryptocurrency wallets installed in browsers as extensions.
加えて, the infostealer is “interested” in cold dektop wallets, 含む Exodus, Atomic, Armory, Bitecoin-Core, Bytecoin, Dash-Core, Electrum, Electron, Coinomi, Ethereum, Litecoin-Core, Monero-Core, Zcash と Jaxx.
Can Erbium and steal two-factor authentication codes from Trezor Password Manager, EOS Authenticator, Authy 2FA と Authenticator 2FA.
In addition to the above, the malware is able to take screenshots from all monitors of the attacked user, steal tokens from Steam と 不和, steal 電報 authentication files, and can create a profile of the infected host based on the OS and hardware it uses.
All data collected by the infostealer is transmitted to the control server through the built-in API system, and in the admin panel, malware operators see what exactly was stolen from each infected host. The malware uses three URLs to connect to the control panel, including the Discord CDN, which is still actively abused by hackers.
According to Cluster25, signs of Erbium contamination can already be found almost all over the world, including in the US, France, Colombia, Spain, Italy, India, Vietnam and Malaysia.
Although the Erbium distribution campaign uncovered by Cyfirma analysts uses game cracks and cheats as baits, and malware enters victims’ systems through drive-by downloads, experts warn that malware distribution channels may change depending on buyers’ preferences.
コメントを残す