Security experts have issued a dire warning about a surge in password theft, as Russian cybercriminals leverage readily available malware to devastating effect. According to Group-IB, a cybersecurity firm, a staggering 34 Telegram groups have been identified as hubs for threat actors, who have managed to compromise over 890,000 devices and pilfer more than 50 million passwords in just the first half of 2022.
These nefarious groups, each boasting up to 200 active members, are highly organized and specialize in orchestrating automated scam campaigns under the moniker “Classiscam.” In these illicit operations, higher-ranking administrators delegate tasks to lower-level “workers” in exchange for a share of the ill-gotten gains. These workers are then tasked with driving traffic to counterfeit websites posing as reputable companies, with the aim of duping unsuspecting victims into downloading malicious files.
To lure in victims, cybercriminals embed links to information-stealing malware in a variety of online venues, such as YouTube video game reviews, forums devoted to mining software or NFTs, and social media lotteries. Once deployed, this malware harvests sensitive data stored in web browsers, including login credentials for gaming platforms, email services, and social media accounts, as well as financial information such as credit card details and access to cryptocurrency wallets.
Group-IB’s research indicates that these threat actors often deploy multiple malware variants simultaneously, with the RedLine and Raccoon strains being particularly popular: RedLine was used by 23 of the identified groups and Raccoon by 8. Shockingly, these malware tools can be rented from the dark web for as little as $150-200 per month.
While PayPal (16%) and Amazon (13%) account for the largest shares of stolen passwords in 2022, cyberattacks targeting gaming services like Steam, Epic Games, and Roblox have surged nearly five-fold. The total number of compromised passwords has spiked by 80% compared to the previous year, with cybercriminals also targeting cookie files (up 74%), cryptocurrency wallets (up 216%), and payment card information (up 81%). The estimated value of the stolen data thus far exceeds $6 million.
In a statement, Group-IB’s Digital Risk Protection team highlighted the cutthroat competition among cybercriminals vying for resources in the lucrative Classiscam scam. They underscored the accessibility of information-stealing schemes to novice criminals, who can easily participate in automated operations with minimal technical expertise. However, for unsuspecting victims whose devices fall prey to information-stealing malware, the repercussions can be catastrophic.
As cybercriminals continue to exploit vulnerabilities and deploy sophisticated malware tools, it is imperative for individuals and organizations to remain vigilant and implement robust cybersecurity measures to safeguard against password theft and other malicious activities.