An information-stealing malware has been spreading as fake cracks and cheats for famous video games. The stealer, named Erbium, pilfers credentials from popular web browsers and exfiltrates data from a large set of crypto wallets.

About Erbium

Researchers from Cluster25 first reported the Erbium information stealer earlier this month. However, another report from Cyfirma provides more details on how the malware is spreading.
  • Erbium is sold as Malware-as-a-Service (MaaS) and is becoming popular due to its functionality, competitive pricing, and customer support.
  • Since July, the stealer has been advertised on Russian-speaking forums. However, no actual deployment was observed. It initially cost $9 per week, and went up to $100 per month or $1,000 for a year.

Cluster25 reported Erbium infections in the U.S., France, Spain, Italy, India, Colombia, Malaysia, and Vietnam. Additionally, while the identified campaign used game cracks as lures, buyers of the service may spread the stealer in their own customized ways in future campaigns.

Data stealing capabilities

Erbium steals data saved in web browsers (Chromium or Gecko), such as passwords, cookies, credit cards, and autofill details.
  • Moreover, it grabs screenshots from all monitors, steals Steam and Discord tokens, steals Telegram auth files, and profiles the host. It uses three URLs, including Discord's CDN, to connect to the panel.
  • It can steal data from a large set of cryptocurrency wallets installed as extensions in web browsers. Some of the targeted cold wallets are Exodus, Bitcoin-Core, Atomic, Armory, Bytecoin, Dash-Core, Electrum, Coinomi, Ethereum, Litecoin-Core, Electron, Monero-Core, Jaxx, and Zcash.
  • It can also intercept 2FA codes from EOS Authenticator, Authy 2FA, Authenticator 2FA, and Trezor Password Manager.

Staying safe

Erbium is becoming popular due to its wide range of targeted entities, and its use is expected to increase among attackers in the near future. To stay safe from such threats, it is recommended to avoid downloading pirated or fake software and to scan all downloaded files. Further, always keep software up to date by installing recent security patches.
Cyware Publisher