Skip to main content

New malware can steal your credit card details — and it’s spreading fast

A new, highly dangerous malware called “Erbium” has been making the rounds over the last couple of months, and it’s highly likely that it will spread to new channels.

Erbium is an information-stealing tool that targets passwords, credit card information, cookies, cryptocurrency wallets, and more. Unfortunately, it’s widely available, which means that it could be used in new ways in the future.

An individual surrounded by several computers typing on a laptop.
Image used with permission by copyright holder

Erbium, while seemingly used at a small scale right now, has a lot of potential — and that’s scary. For the time being, this information-stealing malware is being shared under the disguise of pirated games and cheats for popular titles. However, because of its nature, it can spread like wildfire, because Erbium is a Malware-as-a-Service (MaaS) — meaning that pretty much anyone can get their hands on it.

Recommended Videos

Initially, Erbium was priced at just $9 per week, but now, it costs $100 per month or $1,000 for a year-long license. For that price, threat actors gain access to customer support, updates, and more importantly, the tool itself, with its full set of capabilities.

Please enable Javascript to view this content

Initially spotted in August 2022 by Cyfirma, the malware, hidden away within game cracks, has a lot of power.  It can steal data found within Chromium and Gecko-based browsers, including passwords, cookies, form autofill information, and credit card data. Moreover, it targets cryptocurrency users by attempting to steal data from their wallets as long as they’re installed as a browser extension.

That’s not all, though — Erbium can also steal cold cryptocurrency wallets, such as Exodus, Atomic, Bytecoin, Ethereum, and more. In addition, it can snatch two-factor authentication codes from various password and 2FA managers, such as Trezor, EOS Authenticator, Authy 2FA, and Authenticator 2FA.

Erbium steals Telegram authentication files, Steam and Discord tokens, and screenshots from each connected monitor. As all of these things are being stolen, the threat actors are being sent a full overview of what was extracted from the victim.

This malware, which is actually still cheap despite the price hike (it costs about a third of RedLine stealer, according to Bleeping Computer), is price-competitive and is receiving a lot of praise on various hacker forums. Considering how much it can do, it’s likely that someone will eventually work it into something else beside just game cracks, and then, it will likely become more widespread.

How to stay safe?

A dark mystery hand typing on a laptop computer at night.
Andrew Brookes / Getty Images

If you want to make sure you’re not at risk, right now, all you have to do is not download any illegal files (such as cracked games or bots for games). However, it’s a good idea to stay vigilant and also make sure you’re using one of the best antivirus software, keeping it updated, and scanning each file you download. If you own cryptocurrency, consider moving your funds to a fully-offline cold wallet as opposed to a desktop wallet.

Gamers often get targeted with malware. Just recently, we’ve seen Genshin Impact being used as a gateway to stealing passwords, and the game doesn’t even need to be installed on your PC for this trick to work. This is why it’s important to use anti-malware software and perform regular scans.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…
Malware has a terrible new way to get to your computer
A villager looks at a sunset.

You've heard of malware spreading through spammy emails and mysterious links on strange websites. But now there's a new avenue of attack for bad actors to take -- and it's via Minecraft. Yes, you read it correctly. The open-world building game loved by seven-year-olds around the globe is quickly becoming a favorite method for spreading malware.

As reported by Bleeping Computer, Kaspersky Labs researched the phenomena from July 2021 until July 2022, and it found that in-game malware accounted for a significant amount of the malware that was spread in that time. Although there was a 30% drop in malware attacks in that year when compared to 2020, the amount of gaming-related malware actually increased. Minecraft on PC was the preferred vector.

Read more
Hackers are using fake WordPress DDoS pages to launch malware
A digital depiction of a laptop being hacked by a hacker.

Hackers are pushing the distribution of dangerous malware via WordPress websites through bogus Cloudflare distributed denial of service (DDoS) protection pages, a new report has found.

As reported by PCMag and Bleeping Computer, websites based on the WordPress format are being hacked by threat actors, with NetSupport RAT and a password-stealing trojan (RaccoonStealer) being installed if victims fall for the trick.

Read more
Oh great, new malware lets hackers hijack your Wi-Fi router
The Linksys Hydra 6 dual-band mesh WiFi 6 router.

As if you didn't already have enough to worry about, a new report finds hackers are targeting home Wi-Fi routers to gain access to all your connected devices.

The report comes from Black Lotus Lab, a security division of Lumen Technologies. The report details several observed real-world attacks on small home/home office (SOHO) routers since 2020 when millions of people began working from home at the start of the COVID 19 pandemic.

Read more