Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

New Infostealer Malware ‘Erbium’ Offered as MaaS for Thousands of Dollars

Security researchers are warning of a new information stealer named Erbium being distributed under the Malware-as-a-Service (MaaS) model.

The threat made its initial appearance in late July, when a Russian speaking threat actor started advertising it on a dark web forum.

Security researchers are warning of a new information stealer named Erbium being distributed under the Malware-as-a-Service (MaaS) model.

The threat made its initial appearance in late July, when a Russian speaking threat actor started advertising it on a dark web forum.

Initially, the developer was offering Erbium for up to $150 for a one-year license, but they are now requesting a minimum of $100 for a month of usage and thousands of dollars for the year-long license.

The malware author administers the service via a Telegram bot that also functions as a marketplace and as a control for the stolen data, cybersecurity solutions provider DuskRise explains.

The malware is being spread via drive-by-downloads, posing as cracked software/game hacks distributed through a free file hosting service, spear-phishing, malvertising, exploit kits, and malware loaders, cybersecurity company Cyfirma notes.

After being deployed on a victim’s machine, Erbium connects to Discord’s content delivery network (CDN) servers, and then starts collecting data, including system information, geolocation, information from a wide range of applications, and user files.

The threat targets browser data such as logins, cookies, history, and cold wallet information, data from browser plugins, and information from Steam, Discord, FTP clients, Telegram, and desktop cold wallets. The malware can also take screenshots.

According to DuskRise, the threat has been used in numerous attacks against targets located in the US, Colombia, France, India, Italy, Malaysia, Lebanon, Portugal, Romania, Spain, Turkey, and Vietnam.

The harvested user data is then offered for sale on various cybercriminal marketplaces and it can then be used to mount new attacks against victims, the security firms warn.

Related: New Ducktail Infostealer Targets Facebook Business Accounts via LinkedIn

Related: New Vidar Infostealer Campaign Hidden in Help File

Related: Microsoft Warns of New ‘Anubis’ Infostealer Distributed in the Wild

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.