These crooks have stolen millions of passwords. Here’s how to avoid becoming their next victim

Gangs targeting Amazon, PayPal, Steam and other accounts stole more than 50 million passwords in the first half of 2022 alone, along with bank account details, cryptocurrency wallet details and other sensitive information from victims.

Detailed by cybersecurity researchers at security firm Group-IB, the password-stealing campaign is attributed to 34 different Russian-speaking cybercriminal groups involved in spreading malware-as-a-service programs.

People have fallen victim to the attacks all over the world, with the US, Brazil, India, Germany and Indonesia being the most targeted.

By using information-stealing malware including Raccoon and Redline, cybercriminals have collectively infected more than 890,000 users and stolen more than 50 million passwords, as well as details of more than 103,000 bank cards and data that can be used to steal from more than 113,000 crypto wallets, said the security company.

The stolen passwords and compromised card details are thought to be worth about $5.8 million in total on underground forums.

Analysis of cybercriminal activity suggests that the campaigns are organized through Telegram channels: researchers identified 34 active chat groups dedicated to stealing passwords, with about 200 members each.

The job of the employees, the lower-rank scammers, is to direct traffic to scam websites posing as well-known companies and convince victims to download malicious files. Cybercriminals embed stealer download links into video reviews of popular games, into mining software or into social media “lotteries”.

The most commonly stolen passwords are for PayPal accounts, followed by Amazon, Steam, Roblox, and Epic Games accounts.

The malware-as-a-service model gives low-level scammers access to malware that they then use to infect victims. These attackers either pay an upfront fee for using the malware or give the author a share of the profits from their attacks.

“The popularity of schemes involving stealers can be explained by the low barrier to entry. Beginners are not required to have advanced technical knowledge as the process is fully automated,” said a blog post by the Group-IB Digital Risk Protection team.

Raccoon stealer is the most commonly used malware in these password attacks. The malware is not that advanced, but it has been successful for years and is often spread by misusing botnets to broadcast phishing emails.

The Redline stealer is also popular among password-stealing attackers because it is cheap for would-be criminals to acquire and easy to use. It has been available since 2020. Redline is often distributed via phishing emails that contain malicious attachments designed to exploit unpatched application vulnerabilities.

According to Group-IB, other methods used by the cybercriminals to deliver malware to victims include spreading it within software downloads on file-sharing sites, as well as taking over social media accounts and sharing a malicious link with their followers.

No matter what malware is used or how it is delivered, if a victim becomes infected, it can give cybercriminals access to their passwords, banking details, cryptocurrency wallets, and more.

Stealing bank details or cryptocurrency will be costly for victims, who could discover that their accounts have been drained or used to make fraudulent purchases.

Meanwhile, stealing passwords can provide cybercriminals with a range of sensitive information that they can misuse for fraud themselves or sell on underground forums. If the same password is used for multiple accounts, cybercriminals may be able to access those accounts as well.

“For victims whose computers become infected with a stealer, the consequences can be disastrous,” researchers warned.

To avoid falling victim to this password-stealing malware campaign and other cyberattacks, researchers advise users not to download software from suspicious or unknown sources, not to store passwords in their browsers, and to clear their cookies on a regular basis.

Other steps users can take to prevent unauthorized access to accounts include using multifactor authentication, so that if a password is stolen, it is much more difficult for a cybercriminal to use the account.

Users should also avoid using the same password for multiple accounts, especially if it is a commonly used or weak password.

