Security researchers warn the public about the spread of info-stealing malware initiated by at least 34 Russian hacking groups.
Group-IB, a group of Singaporean security experts, detected cybercrime gangs using off-the-shelf malware that targets unsuspecting users.
Scammers Impersonate Reputed Companies To Steal Credentials
At least 34 distinct Russian-speaking hacking groups were discovered to have used info-stealing malware like Raccoon and Redline to collect data.
This resulted in 50,350,000 account passwords from 896,000 individual attacks stolen from January to July 2022, according to Bleeping Computer.
The stolen credentials are used to access cryptocurrency wallets, Steam, Roblox, Amazon, and Paypal accounts, as well as victims' payment card records.
The hackers' global operations got victims from Telegram, who were targeted from 111 countries such as the US, Germany, India, Brazil, and Indonesia.
In Group-IB's report, they revealed that these hackers impersonate big companies, which makes it easier to lure victims into downloading malicious files.
Once the info-stealing malware is on the victims' devices, it gathers data from the browser and transmits them to the hackers.
Bleeping Computer reports that this year, the spread of info-stealing malware has reached a peak level, even with low-skilled hackers joining in to make a large profit from illegal activities.
According to the security researchers, this influx of info-stealer malware deployment is fueled by a huge number of workers from the popular scam called Classiscam.
Classiscam is made out of criminal groups with thousands of fake websites from where cybercriminals look for resources to make a profit.
At the moment there are 34 known hacker groups with at least 200 members that operate mass-scale information hacking on targeted platforms as part of their campaign.
Read More: Russian Hackers Sandworm Fails in Attempt To Damage Ukraine's Energy Provider
Telegram Plays A Huge Role In These Scam-As-A-Service Attacks
Most of the Russian hacker groups are well-organized and are involved in automated attacks called scam-as-a-service perpetuated by low-level cybercriminals.
These low-level criminals are involved in phishing campaigns where they usually rent malware from the dark web for only $150 to $200 a month to steal as much as $6 million worth of data.
Scam-as-a-service is an online fraud that allows criminals to set up and manage their own scams by using tools and services that quickly launch phishing, social engineering, and other types of attacks.
According to Hack Read, this type of attack makes it convenient for criminals to defraud individuals and businesses that make sophisticated attacks possible.
Telegram plays a huge role in these operations since the platform provides them with a space to organize their campaigns and maintain organizational structures to accommodate their activities.
These private Telegram groups support and guide operatives, and serve as data exfiltration points, host important announcements, and generators of custom malware builds.
Telegram lets criminals conduct their scam-as-a-service activities with anonymity and without establishing a physical presence, Hack Read writes.
With that Group-IB advises the public that they can minimize the chances of having their devices infected by info-stealing malware by not enabling sketchy downloads.
Related Article: Ukraine Claims Russian Hackers Infiltrate Systems With New Somnia Ransomware