Worldwide, a total of 890,000 computers were infected and more than fifty million passwords were stolen. This is the conclusion of security company Group-IB based on its own research. Investigators from the company identified 34 gangs behind the attacks using known malware such as RedLine and Raccoon Infostealer. This malware is capable of stealing login credentials from Google Chrome, Mozilla Firefox, and Opera, including saved passwords and credit card information, browser cookies, and auto-fill content.
Furthermore, the malware can steal data from cryptowallet extensions, login credentials and chat logs from Telegram and Discord, credentials for the Steam platform and Amazon, VPN passwords for NordVPN, OpenVPN, and ProtonVPN, FTP credentials stored in FileZilla, and text from specific files. In addition to 675,000 passwords, data for 4,500 crypto wallets was also stolen from Dutch computers. The criminals then sell the stolen data on or use it themselves to commit fraud. According to Group-IB, RedLine is the most popular of these stealers and is used by 23 of the 34 groups.
To distribute the password stealers, the attackers use, among other things, links placed in comments on YouTube. The malware is also bundled with software or posted on forums. Group-IB advises users not to download software from suspicious sources, to use separate virtual machines or alternative operating systems, not to store passwords in browsers, and to regularly delete cookies from the browser.
Read more about this topic at: Group-IB