Hackers Deliver Erbium Password-Stealing Malware Through Fake Cracks and Cheats

Several popular video games are now being infected with the brand new Erbium malware, which steals personal and sensitive information. 

The spread of this malware is happening because hackers are disguised as cracks and cheats for popular video games. Hackers are using them to steal the credentials and cryptocurrency wallets of victims.

In the cybercrime community, Erbium is a new MaaS that has gained popularity due to the following reasons:-

• Extensive Functionality
• Customer Support
• Competitive Pricing

Capabilities of Erbium

Here below we have mentioned all the capabilities of the Erbium malware:-

• Ability to enumerate drives.
• Ability to enumerate paths, files, and folders.
• Capability to load other libraries, processes, and DLLs in memory.
• Ability to Gather System Information.
• Network communication capability.
• Collecting user credentials, such as passwords, from a range of popular chat and email programs, as well as web browsers.
• Ability to obtain information from various installed applications.
• Ability to obtain cryptocurrency wallet information [log-in credentials and stored funds].
• Ability to collect data of Authentication (2FA) and password-managing software.

Erbium: MaaS operation

Since July 2022, the threat actors have been promoting Erbium malware on Russian-speaking forums. As of yet, it is unclear whether the system will be used in the wild or not.

As of late August, Erbium’s weekly price has risen to the following price due to its popular popularity, which originally cost $9 per week.

Here is the increased price chart:-

• Monthly Plan: $100
• Yearly Plan: $1000

Erbium has the same characteristics as other types of malware that steal information from applications that are built on Chromium or Gecko. 

Among the types of information it steals, the following is a list of what it steals:-

• Passwords
• Cookies
• Credit cards
• Debit cards
• Autofill information

Wallets Targeted

Here below we have mentioned all the wallets that are targeted:-

• Exodus
• Atomic
• Armory
• Bitecoin-Core
• Bytecoin
• Dash-Core
• Electrum
• Electron
• Coinomi
• Ethereum
• Litecoin-Core
• Monero-Core
• Zcash
• Jaxx

For the purpose of exfiltrating data to the server, an API system has been built into the C2. Using the Erbium dashboard, the operator can keep track of what has been stolen from each infected host.

Game cracks were used as lures in the first Erbium campaign. The distribution channels could, however, diverge in a significant way at any time in the future. Depending on how the buyer chooses to push the malware, different methods might be used to distribute it.

Download Free SWG – Secure Web Filtering – E-book