In the first seven months of 2022, up to 34 Russian-speaking gangs using the stealer-as-a-service business model to distribute information-stealing software stole no less than 50 million credentials.
The Singapore-based Group-IB reported that the “underground market value of stolen logs and compromised card data is estimated to be over $5.8 million.”
The thieves not only stole passwords but also 2.11 billion cookie data, 113,204 crypto wallets, and 103,150 credit and debit cards.
The United States is the country with the highest concentration of victims, followed by Brazil, India, Germany, Indonesia, the Philippines, France, Turkey, Vietnam, and Italy. During that time, 890,000 devices across 111 nations were affected.
According to Group-IB, some scam groups’ members who are spreading information thieves previously took part in the Classiscam operation.
These hierarchical groups, which are active on Telegram and often have 200 members, are made up of administrators and workers (also known as traffers), the latter of whom are in charge of leading gullible individuals to info-stealers like RedLine and Raccoon.
This is done by creating bait websites that pose as well-known businesses in order to trick people into downloading dangerous files. Links to these websites are then shared directly with NFT artists or included in YouTube video critiques of well-known games and lotteries on social media.
“Administrators usually give workers both RedLine and Racoon in exchange for a share of the stolen data or money,” the company said. “Some groups use three stealers at the same time, while others have only one stealer in their arsenal.”
After a successful compromise, cybercriminals sell the stolen data on the dark web in order to profit.
The finding underlines Telegram’s pivotal role in facilitating a variety of illegal actions, including serving as a focal point for providing customer service, publicising product updates, and stealing data from hacked devices.
The discoveries come in the wake of a fresh SEKOIA study that exposed the addition of an emerging information stealer by the name of Aurora to the toolkits of seven separate traffers teams.
“The popularity of schemes involving stealers can be explained by the low entry barrier,” Group-IB explained. “Beginners do not need to have advanced technical knowledge as the process is fully automated and the worker’s only task is to create a file with a stealer in the Telegram bot and drive traffic to it.”
Suggest an edit to this article
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.
