A new information-stealing malware called 'Erbium' has been discovered that uses fake cracks and cheats for popular video games as its delivery method.
First reported by the Cluster25 research team earlier this month, Erbium is a new Malware-as-a-Service (MaaS) offering an info-stealer with extensive functionality; customer support is included.
Now, cybersecurity firm Cyfirma has shared additional technical details on the Erbium sample it analyzed. The malware is designed to collect sensitive data, including application passwords, credit card numbers, web browser cookies (from Cyberfox, Firefox, K-Meleon, BlackHawk, Pale Moon, Google Chrome, and Thunderbird), auto-complete data, desktop files, machine information, installed software, and cryptocurrency wallets. It then sends those details to the attacker's command and control (C2) domain and can also download additional payloads from the C2 server.
“Recently CYFIRMA’s research team detected a new sample of Erbium stealer in the wild. We observed one of the recent gaming campaigns where the threat actors lure gamers/players who want to acquire an unfair or prohibited edge over other players with the malicious binary posted on MediaFire [a free file-hosting service],” the company said. “Threat actors are spreading this malware using drive-by-download techniques and pretending to be cracked software/game hacks.”
While analyzing a 32-bit executable binary, the researchers found that it contained obfuscated contents to evade detection by security products and firewalls.
“The malicious executable decrypts the obfuscated contents by using XORing logic, after which it drops the 32-bit Erbium stealer DLL binary in the %temp% location and loads that dropped file in the current process by calling the LoadLibraryA API. The dropped DLL file establishes a connection to the Erbium stealer C2 server. Erbium malware establishes the connection to Discord’s Content Delivery Network (CDN) servers,” the researchers explained.
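The loader behaviour described above gives defenders two observable events: a DLL loaded from the %temp% directory, and a network connection to Discord's CDN from a process that has no business making one. The following is an added detection example, not code from Cyfirma or Cluster25, that runs these two heuristics over Sysmon-style event records and escalates any process that trips both. The event records, the process allowlist and the CDN hostname (cdn.discordapp.com) are assumptions chosen for illustration; a real deployment would tune the allowlist to its own environment.

```python
"""Heuristic detection for the Erbium loader pattern: a DLL dropped into
%temp% and loaded into the running process, followed by a connection to
Discord's CDN. Operates on Sysmon-style event dictionaries (Event ID 7 =
Image loaded, Event ID 3 = Network connection). All sample events below
are constructed for this example and are not real telemetry."""
import re
from collections import defaultdict

# Path fragments identifying the per-user and system temp directories on Windows.
TEMP_DIR_RE = re.compile(r"\\(AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)

# Assumed allowlist of processes expected to reach Discord's CDN (tune per environment).
DISCORD_CDN_ALLOWLIST = {"firefox.exe", "chrome.exe", "msedge.exe", "discord.exe"}
# Assumed CDN hostname; the article names only "Discord's CDN servers".
DISCORD_CDN_HOSTS = {"cdn.discordapp.com"}

# Constructed sample telemetry: one suspicious process and two benign ones.
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Users\alice\Downloads\game_cheat.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\abcd1234.dll", "Signed": "false"},
    {"EventID": 7, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "ImageLoaded": r"C:\Program Files\Mozilla Firefox\xul.dll", "Signed": "true"},
    {"EventID": 7, "Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\ntdll.dll", "Signed": "true"},
    {"EventID": 3, "Image": r"C:\Users\alice\Downloads\game_cheat.exe",
     "DestinationHostname": "cdn.discordapp.com", "DestinationPort": 443},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "cdn.discordapp.com", "DestinationPort": 443},
]


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def dll_loaded_from_temp(event):
    """Event ID 7: the loaded module is a DLL living under a temp directory."""
    if event.get("EventID") != 7:
        return False
    loaded = event.get("ImageLoaded", "")
    return loaded.lower().endswith(".dll") and bool(TEMP_DIR_RE.search(loaded))


def unexpected_discord_cdn(event):
    """Event ID 3: Discord's CDN reached by a process outside the allowlist."""
    if event.get("EventID") != 3:
        return False
    host = event.get("DestinationHostname", "").lower()
    return host in DISCORD_CDN_HOSTS and basename(event.get("Image", "")) not in DISCORD_CDN_ALLOWLIST


def flag_events(events):
    """Group findings per process; a process matching both rules is escalated to high."""
    findings = defaultdict(set)
    for ev in events:
        if dll_loaded_from_temp(ev):
            findings[ev["Image"]].add("dll_loaded_from_temp")
        if unexpected_discord_cdn(ev):
            findings[ev["Image"]].add("unexpected_discord_cdn")
    report = []
    for image, rules in findings.items():
        severity = "high" if len(rules) == 2 else "medium"
        report.append({"image": image, "rules": sorted(rules), "severity": severity})
    return sorted(report, key=lambda r: r["image"])


if __name__ == "__main__":
    for finding in flag_events(SAMPLE_EVENTS):
        print(f"[{finding['severity']}] {finding['image']}: {', '.join(finding['rules'])}")
```

Either rule alone produces false positives (installers legitimately stage DLLs in %temp%, and many applications fetch assets from Discord's CDN), which is why the example only escalates when the same process shows both behaviours; correlating on the process image rather than on the individual event is what makes the combination meaningful.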
The Erbium stealer malware is being sold on a Russian hacker forum for 500 rubles (approx. $9) per week, 1,500 rubles (~$25) per month, and 10,000 rubles (~$175) per year. The Erbium stealer team offers technical support as well.