Threat actors have been spreading the information-stealing malware-as-a-service Erbium disguised as video game cracks and cheats in an effort to facilitate credential and cryptocurrency wallet theft, according to BleepingComputer.
Aside from stealing Chromium- or Gecko-based browser-stored data, including passwords, autofill information, credit cards, and cookies, Erbium also seeks to exfiltrate assets from cryptocurrency wallets installed as browser extensions, a Cyfirma report showed.
Researchers also found that cold desktop wallets, including Atomic, Armory, Bitcoin-Core, Coinomi, Dash-Core, Exodus, and Litecoin-Core, are targeted by Erbium. Moreover, the malware steals two-factor authentication codes from Authenticator 2FA, Authy 2FA, EOS Authenticator, and Trezor Password Manager, and can also capture screenshots, Steam and Discord tokens, and Telegram auth files.
Researchers noted that a built-in API system facilitates data exfiltration to the command-and-control infrastructure. Because Erbium is sold as a service, its distribution channels could still evolve depending on the malware's buyers, researchers added.