Security News > 2022 > September > New Erbium password-stealing malware spreads as game cracks, cheats
The new 'Erbium' information-stealing malware is being distributed as fake cracks and cheats for popular video games to steal victims' credentials and cryptocurrency wallets.
Erbium is a new Malware-as-a-Service that provides subscribers with a new information-stealing malware that is gaining popularity in the cybercrime community thanks to its extensive functionality, customer support, and competitive pricing.
Researchers at Cluster25's team were the first to report on Erbium earlier this month, but a new report by Cyfirma shares further information on how the password-stealing trojan is distributed.
Erbium also steals two-factor authentication codes from Trezor Password Manager, EOS Authenticator, Authy 2FA, and Authenticator 2FA. The malware can grab screenshots from all monitors, snatch Steam and Discord tokens, steal Telegram auth files, and profile the host based on the OS and hardware.
The malware uses three URLs for connecting to the panel, including Discord's Content Delivery Network, a platform that malware operators have heavily abused.
While the first Erbium campaign uses game cracks as lures, the distribution channels could diversify significantly anytime, as buyers of the malware may choose to push it via different methods.