Security News > 2022 > November > Russian cybergangs stole over 50 million passwords this year
At least 34 distinct Russian-speaking cybercrime groups using info-stealing malware like Raccoon and Redline have collectively stolen 50,350,000 account passwords from over 896,000 individual infections from January to July 2022.
"The influx of a huge number of workers into the popular scam Classiscam, at its peak, comprised over a thousand criminal groups and hundreds of thousands of fake websites has led to criminals competing for resources and looking for new ways to make profits," comments Group-IB. "The popularity of schemes involving stealers can be explained by the low entry barrier. Beginners do not need to have advanced technical knowledge as the process is fully automated, and the worker's only task is to create a file with a stealer in the Telegram bot and drive traffic to it." - Group-IB. Currently, there are 34 active cybercrime groups on Telegram that operate as mass-scale information-stealing gangs, each with roughly 200 members.
23 of the groups use the Redline stealer, eight employ Raccoon, and three use their own custom malware.
Group-IB also notes that in the first seven months of this year the actors focused on stealing of Steam, Epic Games, and Roblox accounts, recording a five-fold increase compared to last year.
These private Telegram channels offer support and technical guidance to operatives, can serve as data exfiltration points, host important announcements, act as bug-reporting portals, and also feature bots that can generate custom malware builds for clients 24/7. The groups still abide by hierarchical rules, with the "Administrators" sitting at the top of the rank, selling access to info-stealing malware to "Workers" for a few hundred USD per month.
Aurora infostealer malware increasingly adopted by cybergangs.