What does Erbium InfoStealer do?
Erbium is a newly discovered infostealing malware. The malicious tool was put up for sale on the dark web by a Russian-speaking threat actor back in the summer of 2022.
Erbium is sold for a relatively modest price, with subscriptions ranging from a mere $10 for a week to $150 for a full year. Prices rose in August, when a single month started selling for $100. While initially offered through a web page, the malware's sales later moved to a Telegram bot that handles customers and subscriptions.
The malware has an obfuscated executable and features polymorphic capabilities that make detection harder. The malware uses a legitimate Windows application to deploy itself.
Once deployed in memory, the malware contacts its command and control server and downloads a malicious DLL, which comprises the final payload.
Erbium can capture screenshots from the infected system, scrape system information, search for and steal form-fill data saved in browsers, and scrape a number of cold wallets covering a great number of cryptocurrencies.
The malware targeted victims located in the US, Europe and India.