Threat actors have been distributing Erbium, an information-stealing malware-as-a-service, disguised as phony video game cracks and cheats in an effort to facilitate credential and cryptocurrency wallet theft, according to BleepingComputer.
Aside from stealing data stored in Chromium- or Gecko-based browsers, including passwords, autofill information, credit cards, and cookies, Erbium also seeks to exfiltrate assets from cryptocurrency wallets installed as browser extensions, a Cyfirma report showed.
Researchers found that cold desktop wallets, including Atomic, Armory, Bitecoin-Core, Coinomi, Dash-Core, Exodus, and Litecoin-Core, have also been targeted by Erbium. Moreover, the malware steals two-factor authentication codes from Authenticator 2FA, Authy 2FA, EOS Authenticator, and Trezor Password Manager, and it can capture screenshots, Steam and Discord tokens, and Telegram auth files.
Researchers noted that a built-in API system facilitates data exfiltration to the command-and-control infrastructure. The distribution channels for Erbium could still evolve depending on the malware's buyers, researchers added.
Fake game cracks, cheats used for Erbium malware distribution