Russian cybercrime groups stole passwords across 111 countries


According to Group-IB, at least 34 distinct Russian-speaking cybercrime groups targeting Amazon, PayPal, and Steam have collectively stolen 50,350,000 account passwords using info-stealing malware such as Raccoon and RedLine, distributed under the stealer-as-a-service model.

They also stole bank account details, cryptocurrency wallet data, and other sensitive information from more than 896,000 individual infections in 111 countries, with the United States, Brazil, India, Germany, and Indonesia being the most commonly targeted.

On underground forums, the stolen passwords and compromised card details are estimated to be worth around $5.8 million. Malware-as-a-service allows low-level criminals to gain access to malware, which they then use to infect victims. These attackers either pay a fee upfront for using the malware or pay the author a percentage of the profits from their attacks.

By tracking the evolution of the popular scam scheme Classiscam, Group-IB Digital Risk Protection analysts discovered how some “workers” (low-rank online scammers) began shifting to a more dangerous criminal scheme that involves distributing info stealers. Furthermore, the illicit stealer business, which is coordinated through Telegram groups, employs the same operational model as Classiscam.

Following a successful attack, the scammers either profit from the stolen data or sell it in the cybercriminal underground. RedLine is the most popular stealer among the groups studied by Group-IB, being used by 23 of the 34 gangs.

Raccoon comes in second, with 8 groups using this tool. Custom stealers are used in three communities. Administrators typically provide employees with both RedLine and Raccoon in exchange for a portion of the stolen data or money. The malware in question, on the other hand, is available for rent on the dark web for $150-200 per month. Some groups use three stealers at the same time, while others have only one.

The sources for this piece include an article in TheHackerNews.
