Powerful new malware disguised as game cheats can steal credit card details and crypto
Hackers are disguising a new information-stealing malware dubbed “Erbium” as fake game cracks and cheats for popular games, BleepingComputer reports.
The malware-as-a-service was first detected by cybersecurity researchers at Cluster25 earlier in September.
Cyfirma recently performed an in-depth analysis of Erbium and published a detailed report on its findings.
The malware’s list of exploitative capabilities is extensive, and can cause significant financial damage to its victims. Its features include:
- Ability to enumerate drives
- Ability to enumerate paths, files, and folders
- Capability to load other libraries, processes, and DLLs in memory
- Ability to gather system information
- Network communication capability
- Collecting user credentials, such as passwords and credit card details, from a range of popular chat and email programs, as well as web browsers
- Ability to obtain information from various installed applications
- Ability to obtain cryptocurrency wallet information, such as log-in credentials and stored funds
- Ability to collect data of Authentication (2FA) and password-managing software
Erbium has been particularly popular on Russian-speaking forums since July 2022.
Subscribers initially paid only $9 per week for access to Erbium, but its rising popularity has pushed the price to $100 per month or $1,000 per year.
The malware has been detected in several countries, including Colombia, France, India, Italy, Malaysia, Spain, the United States, and Vietnam.
BleepingComputer said although Erbium’s initial distribution channel is game cheats and cracks, it could expand to other methods soon.
The publication advised people to stay away from pirated software, scan all downloaded content with an antivirus tool, and install security updates for their operating systems and software to keep protection up to date.