Security researchers are warning of a new information stealer named Erbium being distributed under the Malware-as-a-Service (MaaS) model.
The threat made its initial appearance in late July, when a Russian speaking threat actor started advertising it on a dark web forum.
Initially, the developer was offering Erbium for up to $150 for a one-year license, but they are now requesting a minimum of $100 for a month of usage and thousands of dollars for the year-long license.
The malware author administers the service via a Telegram bot that also functions as a marketplace and as a control for the stolen data, cybersecurity solutions provider DuskRise explains.
The malware is being spread via drive-by-downloads, posing as cracked software/game hacks distributed through a free file hosting service, spear-phishing, malvertising, exploit kits, and malware loaders, cybersecurity company Cyfirma notes.
After being deployed on a victim’s machine, Erbium connects to Discord’s content delivery network (CDN) servers, and then starts collecting data, including system information, geolocation, information from a wide range of applications, and user files.
The threat targets browser data such as logins, cookies, history, and cold wallet information, data from browser plugins, and information from Steam, Discord, FTP clients, Telegram, and desktop cold wallets. The malware can also take screenshots.
According to DuskRise, the threat has been used in numerous attacks against targets located in the US, Colombia, France, India, Italy, Malaysia, Lebanon, Portugal, Romania, Spain, Turkey, and Vietnam.
The harvested user data is then offered for sale on various cybercriminal marketplaces and it can then be used to mount new attacks against victims, the security firms warn.
Related: New Ducktail Infostealer Targets Facebook Business Accounts via LinkedIn
Related: New Vidar Infostealer Campaign Hidden in Help File
Related: Microsoft Warns of New ‘Anubis’ Infostealer Distributed in the Wild
More from Ionut Arghire
- CISA, NSA Issue Guidance for IAM Administrators
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- ‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks
- Chrome 111 Update Patches High-Severity Vulnerabilities
- BreachForums Shut Down Over Law Enforcement Takeover Concerns
- Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
Latest News
- TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content
- CISA, NSA Issue Guidance for IAM Administrators
- Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- Tackling the Challenge of Actionable Intelligence Through Context
- Dole Says Employee Information Compromised in Ransomware Attack
