Russian cybercrime groups stole passwords across 111 countries

According to Group-IB, at least 34 distinct Russian-speaking cybercrime groups have collectively stolen 50,350,000 account passwords, targeting Amazon, PayPal, and Steam with info-stealing malware such as Raccoon and RedLine distributed under the stealer-as-a-service model.

They also stole bank account details, cryptocurrency wallet data, and other sensitive information from victims in over 896,000 individual infections across 111 countries, with the United States, Brazil, India, Germany, and Indonesia being the most commonly targeted.

On underground forums, the stolen passwords and compromised card details are estimated to be worth around $5.8 million. Malware-as-a-service allows low-level criminals to gain access to malware, which they then use to infect victims. These attackers either pay a fee upfront for using the malware or pay the author a percentage of the profits from their attacks.

By tracking the evolution of the popular scam scheme Classiscam, Group-IB Digital Risk Protection analysts discovered how some “workers” (low-rank online scammers) began shifting to a more dangerous criminal scheme that involves distributing info stealers. Furthermore, the illicit stealer business, which is coordinated through Telegram groups, employs the same operational model as Classiscam.

Following a successful attack, the scammers either profit from the stolen data or sell it in the cybercriminal underground. RedLine is the most popular stealer among the groups studied by Group-IB, being used by 23 of the 34 gangs.

Raccoon comes in second, with 8 groups using this tool. Custom stealers are used in three communities. Administrators typically provide employees with both RedLine and Raccoon in exchange for a portion of the stolen data or money. The malware in question, on the other hand, is available for rent on the dark web for $150-200 per month. Some groups use three stealers at the same time, while others only have one stealer.

The sources for this piece include an article in TheHackerNews.

IT World Canada Staff