A new password-stealing malware called Erbium that is currently being distributed as fake cracks and cheats for popular video games is gaining popularity among cybercriminals.
As reported by BleepingComputer, this new malware is capable of stealing credit card info, cookies and cryptocurrency wallets in addition to passwords.
DuskRise’s Cluster25 Threat Intel Team published the first report on Erbium at the beginning of this month, but a new report from Cyfirma has now revealed even more details on how this password-stealing malware is being distributed in the wild.
What sets Erbium apart from other malware is that it’s sold as Malware-as-a-Service (MaaS). In this scenario, cybercriminals pay a monthly or annual fee to the malware’s creators for access so that they can use it in their attacks.
Undercutting the Malware-as-a-Service market
Beginning in July, security researchers observed that Erbium was being promoted on Russian-speaking forums. While access to the malware initially cost just $9 per week, its price increased to $100 per month or $1,000 annually once Erbium gained popularity among cybercriminals.
The RedLine stealer is another popular malware used by cybercriminals in their attacks. However, access to Erbium costs significantly less, which has helped it become popular so quickly.
On an infected machine, Erbium is capable of stealing data stored in either Chromium or Gecko-based web browsers including passwords, cookies, credit card data and autofill information. The malware is also able to steal data from a number of popular cryptocurrency wallets that offer browser extensions.
Erbium goes a step further, though, as the malware can steal crypto from cold desktop wallets including Exodus, Atomic, Armory, Bitcoin-Core, Bytecoin, Dash-Core, Electrum, Electron, Coinomi, Ethereum, Litecoin-Core, Monero-Core, Zcash, and Jaxx. It can also steal two-factor authentication (2FA) codes from Trezor Password Manager, EOS Authenticator, Authy 2FA, and Authenticator 2FA. Gamers aren’t safe either, as Erbium can steal Steam and Discord tokens.
Still a work in progress
Erbium is a relatively new malware strain but despite that fact, it’s already been quite well received by the cybercriminal community.
Even though it’s still a work in progress, users on dark web hacking forums have praised the way in which its creator has been open to requests for new features and functionality.
So far, Erbium infections have been detected in the U.S., France, Colombia, Spain, Italy, India, Vietnam and Malaysia according to Cluster25.
The first Erbium campaign discovered used game cracks as lures in order to target software pirates. However, now that the malware has become more popular, other cybercriminals could devise new ways to distribute this dangerous, password-stealing malware, so be on the lookout.
How to stay safe from password-stealing malware
Password-stealing malware like Erbium and RedLine can throw your whole life into turmoil, as you’ll be locked out of your online accounts. Unlike with ransomware, there’s no way to recover your stolen data.
As such, you should ensure that you have one of the best antivirus software solutions installed on your PC, the best Mac antivirus software on your Mac and one of the best Android antivirus apps on your Android smartphone. This way, you’ll be able to stop an infection before it happens as opposed to trying to clean up the mess afterwards.
At the same time, you should avoid saving passwords in your browser and use one of the best password managers instead.
If you do happen to fall victim to password-stealing malware, you may want to invest in one of the best identity theft protection services to help speed up the restoration process.