Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

New Infostealer Malware ‘Erbium’ Offered as MaaS for Thousands of Dollars

Security researchers are warning of a new information stealer named Erbium being distributed under the Malware-as-a-Service (MaaS) model.

The threat made its initial appearance in late July, when a Russian speaking threat actor started advertising it on a dark web forum.

Security researchers are warning of a new information stealer named Erbium being distributed under the Malware-as-a-Service (MaaS) model.

The threat made its initial appearance in late July, when a Russian speaking threat actor started advertising it on a dark web forum.

Initially, the developer was offering Erbium for up to $150 for a one-year license, but they are now requesting a minimum of $100 for a month of usage and thousands of dollars for the year-long license.

The malware author administers the service via a Telegram bot that also functions as a marketplace and as a control for the stolen data, cybersecurity solutions provider DuskRise explains.

The malware is being spread via drive-by-downloads, posing as cracked software/game hacks distributed through a free file hosting service, spear-phishing, malvertising, exploit kits, and malware loaders, cybersecurity company Cyfirma notes.

After being deployed on a victim’s machine, Erbium connects to Discord’s content delivery network (CDN) servers, and then starts collecting data, including system information, geolocation, information from a wide range of applications, and user files.

The threat targets browser data such as logins, cookies, history, and cold wallet information, data from browser plugins, and information from Steam, Discord, FTP clients, Telegram, and desktop cold wallets. The malware can also take screenshots.

According to DuskRise, the threat has been used in numerous attacks against targets located in the US, Colombia, France, India, Italy, Malaysia, Lebanon, Portugal, Romania, Spain, Turkey, and Vietnam.

Advertisement. Scroll to continue reading.

The harvested user data is then offered for sale on various cybercriminal marketplaces and it can then be used to mount new attacks against victims, the security firms warn.

Related: New Ducktail Infostealer Targets Facebook Business Accounts via LinkedIn

Related: New Vidar Infostealer Campaign Hidden in Help File

Related: Microsoft Warns of New ‘Anubis’ Infostealer Distributed in the Wild

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.