Security researchers have warned of a password-theft epidemic after revealing that Russian groups are using off-the-shelf info-stealing malware to devastating effect.
Group-IB said its analysis revealed 34 Telegram groups used by threat actors to organize their efforts, and that they’d infected over 890,000 user devices and stolen over 50 million passwords in the first seven months of 2022 alone.
The security vendor said each of these groups has as many as 200 active members. Many are well organized and are used to participating in “Classiscam,” the automated scam-as-a-service campaigns that target marketplaces.
The infections are achieved by setting up bait websites that impersonate well-known companies and lure victims into downloading malicious files. Links to such websites are, in turn, embedded into YouTube video reviews for popular games and lotteries on social media, or shared directly with NFT artists.
The findings also follow a new report from SEKOIA, which disclosed that seven different traffers teams have added an up-and-coming information stealer known as Aurora to their toolset.
“The popularity of schemes involving stealers can be explained by the low entry barrier,” Group-IB explained. “Beginners do not need to have advanced technical knowledge as the process is fully automated and the worker’s only task is to create a file with a stealer in the Telegram bot and drive traffic to it.”