27 September 2022

New Erbium info-stealer spreads via fake cracks and cheats for popular video games


A new information-stealing malware called 'Erbium' has been discovered that uses fake cracks and cheats for popular video games as its delivery method.

First reported by researchers at Cluster25 earlier this month, Erbium is a new Malware-as-a-Service (MaaS) offering an info-stealer with extensive functionality. Customer support is provided to buyers as well.

Now, cybersecurity firm Cyfirma has shared additional technical details on the Erbium sample it analyzed. The malware is designed to collect sensitive data, including application passwords, credit card numbers, web browser cookies (Cyberfox, Firefox, K-Meleon, BlackHawk, Pale Moon, Google Chrome, Thunderbird), auto-complete data, desktop files, machine information, a list of installed software, and cryptocurrency wallets. It then sends those details to the attackers' command-and-control (C2) domain and can also download additional payloads from the C2 server.

“Recently CYFIRMA’s research team detected a new sample of Erbium stealer in the wild. We observed one of the recent gaming campaigns where the threat actors lure gamers/players who want to acquire an unfair or prohibited edge over other players with the malicious binary posted on MediaFire [free service for file hosting],” the company said. “Threat actors are spreading this malware using drive-by-download techniques and pretending to be cracked software/game hacks.”

While analyzing a 32-bit executable binary, the researchers found that it contained obfuscated contents to evade detection by security products and firewalls.

“The malicious executable decrypts the obfuscated contents by using XORing logic, after which it drops the 32-bit Erbium stealer DLL binary in the %temp% location and loads that dropped file in the current process by calling the LoadLibraryA API. The dropped DLL files establish a connection to the Erbium stealer C2 server. Erbium malware establishes the connection to Discord’s Content Delivery Network (CDN) servers,” the researchers explained.
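One way a defender can hunt for the loader behaviour the researchers describe (a DLL written to %temp% and then loaded by the same process, followed by a connection to a CDN host) is to correlate endpoint telemetry per process. The following Python is an added example, not code from Cyfirma or Cluster25; the event field names, the %TEMP% path marker and the CDN hostname are assumptions, and the events are constructed.

```python
import datetime as dt
from collections import defaultdict

# Constructed sample events modelled on the quoted loader behaviour:
# a process writes a DLL under %TEMP%, loads it into itself, and then
# reaches out to a CDN host. Field names are assumptions, not a real
# EDR schema.
SAMPLE_EVENTS = [
    {"ts": "2022-09-20T10:00:01", "pid": 4120, "type": "file_create",
     "path": r"C:\Users\bob\AppData\Local\Temp\erb.dll"},
    {"ts": "2022-09-20T10:00:02", "pid": 4120, "type": "image_load",
     "path": r"C:\Users\bob\AppData\Local\Temp\erb.dll"},
    {"ts": "2022-09-20T10:00:05", "pid": 4120, "type": "net_connect",
     "host": "cdn.discordapp.com"},
    {"ts": "2022-09-20T10:30:00", "pid": 9001, "type": "image_load",
     "path": r"C:\Windows\System32\kernel32.dll"},
    {"ts": "2022-09-20T11:00:00", "pid": 7777, "type": "file_create",
     "path": r"C:\Users\bob\AppData\Local\Temp\setup.dll"},
]

TEMP_MARKER = "\\appdata\\local\\temp\\"  # assumption: per-user %TEMP% layout
CDN_HOSTS = {"cdn.discordapp.com"}         # assumption: Discord CDN hostname
WINDOW = dt.timedelta(minutes=5)           # drop-to-load correlation window


def find_temp_dll_loaders(events, window=WINDOW):
    """Return {pid: {"dll": path, "cdn": bool}} for every process that
    created a DLL under %TEMP% and loaded that same file within `window`.
    The 'cdn' flag is set if the same pid later connected to a CDN host."""
    by_pid = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        by_pid[ev["pid"]].append(ev)
    hits = {}
    for pid, evs in by_pid.items():
        drops = {}  # lower-cased DLL path -> time it was written
        for ev in evs:
            path = ev.get("path", "").lower()
            when = dt.datetime.fromisoformat(ev["ts"])
            if ev["type"] == "file_create" and path.endswith(".dll") \
                    and TEMP_MARKER in path:
                drops[path] = when
            elif ev["type"] == "image_load" and path in drops \
                    and when - drops[path] <= window:
                hits[pid] = {"dll": ev["path"], "cdn": False}
            elif ev["type"] == "net_connect" and pid in hits \
                    and ev.get("host") in CDN_HOSTS:
                hits[pid]["cdn"] = True
    return hits
```

Only the process that both dropped and loaded a DLL from %TEMP% is flagged; a lone file write or a normal system DLL load is not.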

The Erbium stealer is being sold on a Russian hacker forum at 500 Rubles (approx. $9) per week, 1,500 Rubles (~$25) per month, and 10,000 Rubles (~$175) per year. The Erbium team offers technical support to buyers as well.
