Researchers have discovered a new malware in the wild called “Erbium,” it is currently being distributed via fake game cheats. Users, especially gamers, must watch out for game cracks and cheats from untrusted sources to avoid this malware.
What is Erbium Malware
Researchers from cybersecurity services, Cluster25, DuskRise and Cyfirma, have analyzed the new Erbium malware and discovered that it serves as a potent infostealer and is available as malware-as-a-service on the dark web.
Briefly, DuskRise researchers first detected the malware in July 2022, when a Russian seller advertised the new malware as “one of the best.” Initially up for sale for between 9 and 150 dollars, the malware gradually increased its price tag given the high demand. The threat actors are selling the malware for weekly and annual subscriptions, and managing the sales via a Telegram bot.
Regarding the functionalities, researchers found the Erbium malware utilizes the following:
- Enumerating drives, files, and folders
- Collecting system information, including the device identifiers and geolocation
- Network communication
- Stealing user details such as login credentials from various popular email or messaging apps and web browsers, and crypto wallet details
- Taking screenshots
- Collect the list of installed apps
- Load other libraires and DLLs in memory
- Collect 2FA data and read password managers
The malware also communicates with Discord’s CDN to load other malware on the target device.
Further analysis of the malware revealed that Erbium is written in Microsoft Visual C++ . Upon reaching the target device, the malware executable drops the infostealing DLL file in the temp location, which then loads in memory. The DLL then connects with the CDN (or the hacker’s panel) for further instructions.
While the malware has been in the wild for several months, researchers observed a huge spike in its distribution in September 2022. The threat actors seemingly target gamers as they distribute Erbium by impersonating fake game cheats and cracks.