A recently discovered malware named Erbium has been causing widespread disruption on the internet for the past few months. Primarily distributed through cracks and cheats for popular video games, this malicious software is designed to pilfer credit card details, passwords, and compromise cryptocurrency wallets.

Initial insights into the malware were provided by cybersecurity researchers at Cluster25, who disclosed in a blog post that Erbium was initially available for subscription at a meager $9 per week in July when it began gaining popularity. However, the cost has now surged to approximately $100 per month, with a yearly license fetching up to $1,000, as indicated in the post.

Cybersecurity firm Cyfirma’s team also observed Erbium being advertised on Russian-speaking hacker forums, where it is presented as a Malware-as-a-Service (MaaS). This implies that the malware is accessible to anyone with sufficient funds and even includes a ‘customer support’ feature, as highlighted in the research company’s blog post.

Researchers at Cluster25 suggest that Erbium has already spread to various countries, including the USA, France, Spain, Italy, Vietnam, Malaysia, Colombia, and India. While currently associated with game cracks, there is concern that it could soon employ alternative delivery methods.

Erbium functions similarly to other data-stealing malware by targeting user data stored in web browsers such as Google Chrome, Microsoft Edge, and Mozilla Firefox. It specifically focuses on extracting information like passwords, cookies, autofill details, and credit card information. Additionally, the malware attempts to pilfer data from cryptocurrency wallets incorporated as browser extensions.

Cyfirma’s research notes that Erbium uses obfuscated content to evade detection by firewalls and other security products. It affects cold desktop wallets like Exodus, Ethereum, Litecoin-Core, Monero-Core, Bytecoin, and also has the capability to steal two-factor authentication codes from apps such as Trezor Password Manager, Authenticator 2FA, and Authy 2FA. Furthermore, it can capture screenshots from all monitors, seize Telegram authentication files, and acquire Steam and Discord tokens.

Once Erbium completes its data theft, the information is transmitted using a built-in API system, providing operators with an overview of the stolen data and its source through Erbium’s Dashboard.

To safeguard against this threat, users are advised to refrain from downloading game cracks or cracked software. Instead, they should install robust antivirus solutions and regularly update their systems with the latest security patches.