Threat actors have been spreading the information-stealing malware-as-a-service Erbium disguised as phony video game cracks and cheats in an effort to facilitate credential and cryptocurrency wallet theft, according to BleepingComputer.
Aside from stealing data stored in Chromium- or Gecko-based browsers, including passwords, autofill information, credit cards, and cookies, Erbium also seeks to exfiltrate assets from cryptocurrency wallets installed as browser extensions, a Cyfirma report showed.
Researchers found that cold desktop wallets, including Atomic, Armory, Bitcoin-Core, Coinomi, Dash-Core, Exodus, and Litecoin-Core, have also been targeted by Erbium. The malware also steals two-factor authentication codes from Authenticator 2FA, Authy 2FA, EOS Authenticator, and Trezor Password Manager, and it can capture screenshots, Steam and Discord tokens, and Telegram auth files.
Researchers noted that a built-in API system facilitates data exfiltration to the command-and-control infrastructure. The distribution channels for Erbium could still evolve depending on the malware's buyers, researchers added.
Major stock market data research provider Zacks Investment Research has disclosed that 820,000 individuals had their data compromised in a data breach from November 2021 to August 2022, reports The Record, a news site by cybersecurity firm Recorded Future.