Group-IB discovered 34 Russian hacker gangs that were using a stealer-as-a-service model to spread malware that steals data and credentials from online gaming and payment accounts.
The global leader in cybersecurity said that over 890,000 user devices were hacked and over 50 million credentials were stolen by the gangs in the first seven months of 2022.
To put it simply, an info stealer is a sort of malware that harvests sensitive information from infected PCs, such as login passwords for online services (including games, email, and social media), payment card numbers, and cryptocurrency wallet addresses.
It has infected 5,390 Pakistani devices between March 2021 and December 2021; this number increased to 16,591 in 2022.
Scammers were able to access 1,432,825 passwords (an increase over the 226,213 they stole between March and December 2021) from infected devices, as well as 1,122 payment records and 1,494 crypto wallet credentials and seed phrases.
Users should not save passwords in browsers, should not download software from unknown sites, and should routinely erase browser cookies, as advised by the Group-IB Digital Risk Protection team.