One of the global leaders in cybersecurity, Group-IB, has identified 34 Russian hacking groups involved in using a stealer-as-a-service business model to spread info stealer malware and credentials from online gaming and payment accounts. In the first seven months of 2022, the gangs collectively infected over 890,000 user devices and stole over 50 million passwords. In easier words, an info stealer is a type of malware that collects credentials stored in browsers (including gaming accounts, email services, and social media), bank card details, and crypto wallet information from infected computers and then send all this data to the malware operator.
Russian Hacking Groups Used Racoon and Redline stealers
In order to gain access to the gaming accounts on Steam and Roblox, credentials information on Amazon and PayPal, as well as users’ payment records and crypto wallet information, the Russian hacking groups used Racoon and Redline stealers. All the identified groups plan their attacks via Russian-language Telegram groups. The main users they targeted belong to the United States, Brazil, India, Germany, and Indonesia.
The most popular stealer RedLine was used by 23 out of 34 gangs, while Racoon ranks second, which was used by 8 groups. In the first 7 months of 2022, threat actors stole 50,352,518 passwords, 2,117,626,523 cookie files, details of 103,150 bank cards, and data from 113,204 crypto wallets. As per Group-IB’d experts’ estimation, the underground market value of just the stolen logs and compromised card details is around $5.8 million.
The Affected Pakistani Users
From March 2021 – December 202, the operators of the info stealers infected 5,390 devices in Pakistan; meanwhile, the number grew to 16,591 in 2022. From the infected devices, the scammers could retrieve 1,432,825 passwords (up from 226,213 from March-December 2021), 1,122 sets of payment records, and 1,494 sets of crypto wallet information such as credentials, seed phrases, and more. Group-IB Digital, Risk Protection experts, recommend that users refrain from downloading software from suspicious sources, avoid saving passwords in browsers, and regularly clear browser cookies.
Also read: Pakistani Women are Most Vulnerable to Harassment on Facebook and WhatsApp: Report