Bitcoin Forum
Topic: [Warning]: Erbium new crypto password stealer malware
Dave1 (OP)
September 27, 2022, 08:15:29 AM
Last edit: November 18, 2023, 01:31:24 AM by Dave1
 #1

New password-stealing malware aptly called Erbium has been detected in the wild.

What's scarier is that it includes a lot of crypto wallets and authenticators as its targets:

Quote
Cold wallets from browsers (MetaMask, TronLink, Binance Chain Wallet, Yoroi, Nifty Wallet, Math Wallet, Coinbase Wallet, Guarda, EQUAL Wallet, Jaxx Liberty, BitApp Wallet, iWallet, Wombat, MEW CX, GuildWallet, Saturn Wallet, Ronin Wallet, NeoLine, Clover Wallet, Liquality Wallet, Terra Station, Keplr, Sollet, Auro Wallet, Polymesh Wallet, ICONex, Nabox Wallet, KHC, Temple, TezBox, Cyano Wallet, Byone, OneKey, LeafWallet, DAppPlay, BitClip, Steem Keychain, Nash Extension, Hycon Lite Client, ZilPay, Coin98 Wallet, Harmony, KardiaChain, Rabby, Phantom, TON Crystal Wallet)

And then browser authentication too:

Quote
Other browser plugins (Authenticator, Authy, Trezor Password Manager, GAuth Authenticator, EOS Authenticator)

And also cold desktop wallets:
Quote
(Exodus, Atomic, Armory, Bitecoin-Core, Bytecoin, Dash-Core, Electrum, Electron, Coinomi, Ethereum, Litecoin-Core, Monero-Core, Zcash, Jaxx)

And so far these are the countries that have been affected by this malware:



And again, it's the same old story, but still a very effective method for these cyber criminals - they spread it through fake and cracked software download sites.

https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

Charles-Tim
September 27, 2022, 08:33:55 AM
 #2

People do not know what cold wallet devices are. They are devices that are perfectly airgapped immediately after the OS has been reinstalled.

It would be easy for such malware to reveal all passwords saved on online clouds, like Google cloud through the Chrome browser. Chrome now logs users in automatically, and all passwords that were backed up are now revealed through Chrome.

Even this was possible many years ago without the Chrome browser, but the kinds of devices we have at present, as the world advances, are making it easier for malware to penetrate.

Above all, avoid malware. It is easy to avoid malware if you learn how to.

jackg
September 27, 2022, 01:17:32 PM
 #3

I can't decide if this is a good place or not for this to be posted, since I imagine a lot of these are being downloaded from places like Telegram channels? I can't find anything that says where the software would be installed from, so I'd assume it's there.

Using a search engine in this case is probably all that's needed to stop you downloading a piece of malware like this though (and clicking on the first non-ad). Although perhaps some ETH forks like Harmony One got a bit confusing (with similar extensions but different networks and two address types).
Lucius
September 27, 2022, 01:23:43 PM
 #4

Okay, another malware in an endless series has been discovered - but what nonsense is this about calling all these affected wallets cold wallets? Of course, some of the listed wallets can be used as cold storage, but some members of this forum who are not beginners should know the clear difference between hot crypto wallets, hardware wallets, and cold wallets.

The whole meaning of what the author calls "cold wallets" is absolute protection against any online threat, including malware.
