"Russian Hackers Steal 50 Million Passwords From 111 Countries Using Infostealer Malware"
Group-IB found almost three dozen groups of Russian hackers using the stealer-as-a-service model to spread infostealer malware. An infostealer is a type of malware that collects browser credentials, payment card numbers, and cryptocurrency wallet credentials and sends them to threat actor-controlled servers. According to the researchers, the threat groups have infected 890,000 user devices with infostealers, stealing 50 million passwords in the first seven months of 2022, which is an increase of 80 percent over the previous period. Furthermore, threat actors stole 2,117,626,523 cookie files, 113,204 cryptocurrency wallets, and 103,150 credit cards. The digital risk protection team at Group-IB discovered that 34 groups of Russian hackers used Raccoon and Redline infostealer malware to steal passwords from Steam, Roblox, Amazon, PayPal, cryptocurrency wallets, and credit card information. PayPal and Amazon are the most targeted, accounting for 16 percent and 13 percent of all stolen data, respectively. The report discovered that Russian hackers coordinated their hacking activities through Russian-speaking Telegram groups with an average of 200 active members, most of whom were previously involved in Classiscam. Although they communicate in Russian, they target victims in 111 countries, mainly the US, Brazil, India, Germany, and Indonesia. Redline was ranked as the most popular malware by Group-IB researchers, with the variant being used by 23 of 34 groups. Raccoon infostealer malware came in second place, with only eight groups using it, while custom infostealers have only three groups dedicated to them. Group administrators provide their employees with both Redline and Raccoon infostealers and claim a cut of the stolen data or profits. Some organizations employ up to three infostealer malware variants, while others employ only one. Cybercriminals can rent malware from the dark web for as little as $150-200 per month. This article continues to discuss Group-IB's findings regarding groups of Russian hackers spreading infostealer malware.