34 Russian Hacker Groups Stole Over 50 Million Passwords with Stealer Malware

Nearly 34 Russian hacker groups managed to steal over 50 million passwords using stealer malware. Stealer malware operates under the stealer-as-a-service model, and its impact was already being felt in the first seven months of 2022.

Group-IB, headquartered in Singapore, reported, “The underground market value of stolen logs and compromised card details is estimated around $5.8 million.”

Besides stealing passwords, the bad actors also managed to harvest 2.11 billion cookie files, 113,204 crypto wallets, and 103,150 payment cards.

According to our data, most of the victims are in the U.S., followed by Brazil, India, Germany, Indonesia, the Philippines, France, Turkey, and Vietnam. The total number of infected devices is 890,000 in 111 countries.

Group-IB says that some of the people from scam groups who are distributing information stealers were previously involved in the Classiscam operation.

The groups that we have identified have around 200 members and are hierarchical, with an admin at the top, followed by lower-level workers or “traffers” who are responsible for driving unsuspecting users to info-stealers like RedLine and Raccoon.

The process usually begins with setting up a bait website that mimics the logo, colors, and fonts of popular companies. Links are then embedded in YouTube video reviews for popular games or lotteries on social media or shared directly with NFT artists.

Companies typically give their workers both RedLine and Raccoon so that they have the tools they need to steal data and make progress. Some groups will use 3 stealers, while others will only have 1 or 2.

If a cybercriminal successfully compromises a company, they attempt to break into other companies with the information they stole. They will use this information to both make money and spread their malware.

The report highlights the essential role of Telegram in facilitating a number of criminal activities, including serving as a hub for announcing new products, offering customer support, and exfiltrating data from compromised devices.

New research has found that seven different cyber-security teams are using an up-and-coming information stealer called ‘Aurora’ in their toolset.

We want to commiserate with you. Schemes involving stealers are popular because they require little expertise. Beginners don’t need advanced technical knowledge, as the process is automated, and the worker’s only task is to create a file with a stealer in the Telegram bot.
