Nearly 34 Russian-speaking gangs using the stealer-as-a-service business model to distribute information-stealing malware obtained at least 50 million credentials during the first seven months of 2022. The attackers stole not only passwords but also 2.11 billion cookie records, 113,204 crypto wallets, and 103,150 credit and debit card details.
“The underground market value of stolen logs and compromised card details is estimated around $5.8 million,” Singapore-headquartered Group-IB said in a report.
The United States has the highest number of victims, followed by Brazil, India, Germany, Indonesia, the Philippines, France, Turkey, Vietnam, and Italy. In that period, 890,000 devices across 111 countries were affected. Group-IB stated that some members of these groups had previously taken part in the Classiscam operation.
These hierarchical groups, which operate on Telegram and often have 200 members, are made up of administrators and workers (also known as traffers), the latter luring unsuspecting individuals into running info-stealers such as RedLine and Raccoon. This is done by creating bait websites that impersonate well-known businesses to trick people into downloading malicious files. Links to these websites are then sent directly to NFT artists or placed in YouTube video reviews of popular games and lotteries on social media.
According to the company, administrators frequently provide workers with both RedLine and Raccoon in return for a portion of the stolen data or cash. While some teams deploy three stealers at once, others have only one stealer at their disposal. After a successful compromise, the criminals sell the stolen data on the dark web for profit.
The finding underlines Telegram’s pivotal role in supporting various illegal activities, including serving as a hub for providing customer support, publicizing product updates, and receiving data exfiltrated from compromised devices. The findings follow a recent SEKOIA study that revealed the addition of an emerging information stealer named Aurora to the toolkits of seven separate traffer teams.
Group-IB explained that the low barrier to entry accounts for the prevalence of these stealer schemes. Beginners do not need sophisticated technical expertise because the process is fully automated: the worker’s sole responsibility is to generate a file containing a stealer through the Telegram bot and direct traffic to it.