Password-stealing Erbium malware is spreading fast — and loved by cybercriminals

A new password-stealing malware called Erbium that is currently being distributed as fake cracks and cheats for popular video games is gaining popularity among cybercriminals.

As reported by BleepingComputer, this new malware is capable of stealing credit card info, cookies and cryptocurrency wallets in addition to passwords.

DuskRise’s Cluster25 Threat Intel Team published the first report on Erbium at the beginning of this month, but a new report from Cyfirma has now revealed even more details on how this password-stealing malware is being distributed in the wild.

What sets Erbium apart from other malware is that it’s actually Malware-as-a-Service (MaaS). In this scenario, cybercriminals pay a monthly or annual fee to the malware’s creators for access so that they can use it in their attacks.

Undercutting the Malware-as-a-Service market 

Beginning in July, security researchers observed that Erbium was being promoted on Russian-speaking forums. While access to the malware initially cost just $9 per week, its price increased to $100 per month or $1,000 annually once Erbium gained popularity among cybercriminals.

The RedLine stealer is another popular malware used by cybercriminals in their attacks. However, access to Erbium costs significantly less, which has helped it become popular so quickly.

On an infected machine, Erbium is capable of stealing data stored in either Chromium or Gecko-based web browsers including passwords, cookies, credit card data and autofill information. The malware is also able to steal data from a number of popular cryptocurrency wallets that offer browser extensions.

Erbium goes a step further, though, as the malware can steal crypto from cold desktop wallets including Exodus, Atomic, Armory, Bitcoin-Core, Bytecoin, Dash-Core, Electrum, Electron, Coinomi, Ethereum, Litecoin-Core, Monero-Core, Zcash, and Jaxx. It can also steal two-factor authentication (2FA) codes from Trezor Password Manager, EOS Authenticator, Authy 2FA, and Authenticator 2FA. Gamers aren’t safe either, as Erbium can steal Steam and Discord tokens.

Still a work in progress 

Erbium is a relatively new malware strain but despite that fact, it’s already been quite well received by the cybercriminal community.

Even though it’s still a work in progress, users on dark web hacking forums have praised the way in which its creator has been open to requests for new features and functionality.

So far, Erbium infections have been detected in the U.S., France, Colombia, Spain, Italy, India, Vietnam and Malaysia according to Cluster25.

The first Erbium campaign discovered used game cracks as lures in order to target software pirates. However, now that the malware has become more popular, other cybercriminals could devise new ways to distribute this dangerous, password-stealing malware, so be on the lookout.

How to stay safe from password-stealing malware

Password-stealing malware like Erbium and RedLine can throw your whole life into turmoil, as you’ll be locked out of your online accounts. Unlike with ransomware, there’s no way to recover your stolen data.

As such, you should ensure that you have one of the best antivirus software solutions installed on your PC, the best Mac antivirus software on your Mac and one of the best Android antivirus apps on your Android smartphone. This way, you’ll be able to stop an infection before it happens as opposed to trying to clean up the mess afterwards. 

At the same time, you should avoid saving passwords in your browser and use one of the best password managers instead. 

If you do happen to fall victim to password-stealing malware, you may want to invest in one of the best identity theft protection services to help speed up the restoration process.

Anthony Spadafora
Managing Editor Security and Home Office
