These crooks have stolen millions of passwords. Here’s how to avoid becoming their next victim

Image: Getty

Gangs targeting Amazon, PayPal, Steam and other accounts have stolen over 50 million passwords during the first half of 2022 alone, along with bank account details, cryptocurrency wallet data and other sensitive information from victims.

Detailed by cybersecurity researchers at security company Group-IB, the password-stealing campaign is attributed to 34 different Russian-speaking cyber criminal groups involved in distributing malware-as-a-service schemes. 

People have fallen victim to the attacks across the world, with the US, Brazil, India, Germany, and Indonesia most commonly targeted. 

By using information-stealing malware including Raccoon and Redline stealers, cyber criminals have collectively infected over 890,000 users and stolen over 50 million passwords – as well as stealing details of over 103,000 bank cards and data which could be used to steal from over 113,000 crypto wallets, according to the security company.

The stolen passwords and compromised card details are thought to be worth a total of around $5.8 million on underground forums

Analysis of cyber criminal activity suggests that the campaigns are organized in Telegram channels – researchers identified 34 active chat groups based around stealing passwords, with around 200 members in each. 

The tasks of workers, the scammers of the lower-ranks is to drive traffic to scam websites impersonating well-known companies and convince victims to download malicious files. Cybercriminals embed links for downloading stealers into video reviews of popular games or into mining software or ‘lotteries’ on social media.

The most commonly stolen passwords are for PayPal accounts, followed

Read more

Explore the site

More from the blog

Latest News