A dangerous new malware called Erbium is being advertised on hacking forums and has the potential to become a major threat. Erbium malware is an information stealer with extensive functionality, which is offered under the malware-as-a-service (MaaS) model.
MaaS provides hackers with an easy way to conduct attacks. The MaaS operators develop their malware and lease it out, usually charging a weekly, monthly, or annual subscription. The MaaS operator provides detailed instructions on how to conduct attacks, which means the malware can be used without having to become a programming expert. In fact, many MaaS operations make conducting attacks incredibly easy, requiring little in the way of technical skill. After signing up, users can operate the malware via the web-based UI, where they can access the data it has stolen. Oftentimes, live chat is available to help resolve any issues.
Currently, one of the most popular information stealers available under the MaaS model is the RedLine Stealer, which is a highly capable malware variant that can be purchased or rented under a subscription model. The malware can steal information from browsers, such as autocomplete data and saved credentials, and can also steal from FTP and IM clients and from cryptocurrency wallets. The latest variants allow users to upload and download files. RedLine has proven very popular; however, it is quite expensive.
Erbium malware is disrupting the market, offering broadly the same capabilities as RedLine but for a fraction of the cost. Initially, Erbium malware was being advertised at just $9 per week, although due to the popularity of the malware the price was increased to $100 per month. Even with the increase, the malware is far cheaper than RedLine, and based on user feedback, it is proving very popular with the cybercrime community.
Erbium malware is a work in progress, but it already has extensive capabilities. The malware can steal information from browsers, such as saved credentials, cookies, credit card numbers, and autofill information. It can steal from cryptocurrency wallets installed on web browsers and attempts to steal from a wide range of cold desktop cryptocurrency wallets. The malware can also steal 2FA authentication codes from EOS Authenticator, Authy 2FA, Authenticator 2FA, and Trezor Password Manager, as well as Steam and Discord tokens and Telegram auth files. The malware can profile the host and exfiltrate data via its API system to the command-and-control server. Users can log in to the UI and get an update on infections and access their stolen data.
As is quite common, the malware is distributed via fake software, fake cracks, and cheats for video games, so the best way to prevent infection is not to download these, and to only download software from reputable sources. Businesses can take additional steps to reduce risk, with the best defense being a web filtering solution.
Web filters are fed threat intelligence and incorporate blacklists of known malicious websites, such as sites used for distributing malware. They can also be configured to block access to certain categories of websites, such as warez sites and peer-to-peer file sharing networks, where pirated software, cracks, and product activators are made available.
Web filters allow businesses to enforce their acceptable internet usage policies and block web-based attacks, such as phishing and malware downloads over the Internet. WebTitan Cloud is one of the easiest web filters to implement and use. It takes just a few minutes to set up and configure, and requires no technical skill to operate. Users can gain full visibility into the online activities on the network, including real-time views of Internet access, and can easily block malware downloads and restrict access to risky websites to prevent unauthorized software downloads.
WebTitan Cloud is an award-winning DNS-based web filter that is consistently highly rated on independent business software review sites and allows businesses to easily improve their security posture and reduce legal risk. The full product is available on a free trial, with full product support provided throughout the trial. For more information about web security and content control with WebTitan Cloud, give the TitanHQ team a call today.