Gangs targeting Amazon, PayPal, Steam and other accounts have stolen over 50 million passwords during the first half of 2022 alone, along with bank account details, cryptocurrency wallet data and other sensitive information from victims.
People have fallen victim to the attacks across the world, with the US, Brazil, India, Germany, and Indonesia most commonly targeted.
By using information-stealing malware, including Raccoon and Redline stealers, cyber criminals have collectively infected more than 890,000 users and stolen over 50 million passwords – as well as stealing details of over 103,000 bank cards and their data, which could be used to steal digital cash from more than 113,000 crypto wallets, according to the security company.
Analysis of cyber-criminal activity suggests that the campaigns are organized in Telegram channels – researchers identified 34 active chat groups based around stealing passwords, with around 200 members in each.
The tasks of workers, the scammers of the lower ranks, is to drive traffic to scam websites impersonating well-known companies and convince victims to download malicious files. Cyber criminals embed links for downloading stealers into video reviews of popular games or into mining software or 'lotteries' on social media.
The most commonly stolen passwords are for PayPal accounts, followed by Amazon, Steam, Roblox and Epic Games accounts.
The malware-as-a-service model allows low-level crooks to access malware that they then use to infect victims. These attackers either pay an upfront fee for using the malware, or provide the author with a cut of the profits from their attacks.
"The popularity of schemes involving stealers can be explained by the low entry barrier. Beginners do not need to have advanced technical knowledge as the process is fully automated," said a blog post by Group-IB's Digital Risk Protection team.
Redline stealer is also popular among the password-stealer attackers because it's cheap for would-be criminals to acquire, easy to use and has been available since 2020. Redline is commonly distributed using phishing emails with malicious attachments designed to exploit unpatched vulnerabilities in applications.
According to Group-IB, other methods the cyber criminals use to deliver malware to victims include distributing it within software downloads on file-sharing sites, as well as taking control of social media accounts and sharing a malicious link with their followers.
No matter what malware is being used or how it's delivered, if a victim becomes infected, it can provide cyber criminals with access to their passwords, bank details, cryptocurrency wallets, and more.
Stealing bank details or cryptocurrency will be costly for the victims, who could find that their accounts have been drained or used to make fraudulent purchases.
Meanwhile, stealing passwords can provide cyber criminals with a range of sensitive information that they can exploit for fraud themselves, or sell on underground forums. There's also the possibility that if the same password is used across multiple accounts, cyber criminals will be able to access them too.
"For victims whose computers become infected with a stealer, the consequences can be disastrous," warned researchers at Group-IB.
To avoid falling victim to this password-stealing malware campaign and other cyberattacks, researchers recommend that users avoid downloading software from suspicious or unknown sources, avoid saving passwords in their browser, and ensure they regularly clear their cookies.
Other steps that users can take to avoid unauthorized access to accounts include using multi-factor authentication, so in the event a password is stolen, it's much harder for a cyber criminal to use the account.