More than 50 million passwords were exfiltrated by 34 Russian hacking groups using information-stealing malware, including Raccoon and RedLine, during the first seven months of 2022, The Hacker News reports.
Such malware, distributed under a stealer-as-a-service model, has also been used to steal 2.11 billion cookie files, 113,204 crypto wallets, and 103,150 payment cards, with the total haul estimated to have a market value of nearly $5.8 million, according to a Group-IB report. Over 890,000 devices across 111 countries were compromised between January and July, most of them in the U.S.; Brazil, India, Germany, and Indonesia rounded out the top five countries affected by the stealers.
The report also revealed that several of the groups deploying info-stealers have taken part in the Classiscam operation and have mainly engaged in distributing Raccoon and RedLine.
"The popularity of schemes involving stealers can be explained by the low entry barrier. Beginners do not need to have advanced technical knowledge as the process is fully automated and the worker's only task is to create a file with a stealer in the Telegram bot and drive traffic to it," said Group-IB.
The surge comes after malicious actors impersonated well-known brands, such as Adobe Reader and Microsoft Teams, to deliver numerous malware strains, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer and Vidar.
At least 1,200 Redis database servers worldwide have been compromised by a sophisticated piece of malware since September 2021, while more than 2,800 uninfected servers remain at high risk of exploitation.