Password-stealing Erbium malware is spreading fast — and loved by cybercriminals

A new password-stealing malware called Erbium that is currently being distributed as fake cracks and cheats for popular video games is gaining popularity among cybercriminals.

As reported by BleepingComputer, this new malware is capable of stealing credit card info, cookies and cryptocurrency wallets in addition to passwords.

DuskRise’s Cluster25 Threat Intel Team published the first report on Erbium at the beginning of this month, but a new report from Cyfirma has now revealed more details on how this password-stealing malware is being distributed in the wild.

What sets Erbium apart from other malware is that it’s actually Malware-as-a-Service (MaaS). In this scenario, cybercriminals pay a monthly or annual fee to the malware’s creators for access so that they can use it in their attacks.

Undercutting the Malware-as-a-Service market 

Beginning in July, security researchers observed that Erbium was being promoted on Russian-speaking forums. While access to the malware initially cost just $9 per week, its price increased to $100 per month or $1,000 annually once Erbium gained popularity among cybercriminals.

The RedLine stealer is another popular malware used by cybercriminals in their attacks. However, access to Erbium costs significantly less, which has helped it become popular so quickly.

On an infected machine, Erbium is capable of stealing data stored in either Chromium or Gecko-based web browsers including passwords, cookies, credit card data and autofill information. The malware is also able to steal data from a number of popular cryptocurrency wallets that offer browser extensions.

Erbium goes a step further, though, as the malware can steal crypto from cold desktop wallets including Exodus, Atomic, Armory, Bitcoin-Core, Bytecoin, Dash-Core, Electrum, Electron, Coinomi, Ethereum, Litecoin-Core, Monero-Core, Zcash, and Jaxx. It can also steal two-factor authentication (2FA) codes from Trezor Password Manager, EOS Authenticator, Authy 2FA, and Authenticator 2FA. Gamers aren’t safe either, as Erbium can steal Steam and Discord tokens.

Still a work in progress 

Although Erbium is a relatively new malware strain, it has already been quite well received by the cybercriminal community.

Even though it’s still a work in progress, users on dark web hacking forums have praised the way in which its creator has been open to requests for new features and functionality.

So far, Erbium infections have been detected in the U.S., France, Colombia, Spain, Italy, India, Vietnam and Malaysia according to Cluster25.

The first Erbium campaign discovered used game cracks as lures in order to target software pirates. However, now that the malware has become more popular, other cybercriminals could devise new ways to distribute this dangerous, password-stealing malware, so be on the lookout.

How to stay safe from password-stealing malware

Password-stealing malware like Erbium and RedLine can throw your whole life into turmoil, as you’ll be locked out of your online accounts. Unlike with ransomware, there’s no way to recover your stolen data.

As such, you should ensure that you have one of the best antivirus software solutions installed on your PC, the best Mac antivirus software on your Mac and one of the best Android antivirus apps on your Android smartphone. This way, you’ll be able to stop an infection before it happens as opposed to trying to clean up the mess afterwards. 

At the same time, you should avoid saving passwords in your browser and use one of the best password managers instead. 

If you do happen to fall victim to password-stealing malware, you may want to invest in one of the best identity theft protection services to help speed up the restoration process.

Anthony Spadafora
Senior Editor Security and Networking