Erbium – A New Malware – Dangerous Game, Spreads Fast

Erbium is a so-called malware-as-a-service. Cybercriminals use it to steal sensitive data by collecting passwords, cookies and credit card numbers.

Oct 21, 2022 - 2 min.
Picture of: Branka Miljanovic
Branka Miljanovic

Erbium could almost be a precious resource over which people fight fiercely in a computer game. Erbium is rare earth used to amplify lasers – with typical applications including communications or medical technology. The recently discovered malware with the same name has something to do with computer games too…

Since the 1990s, wars have been waged in the classic strategy game 'Command & Conquer' over the sought-after material 'Tiberium' – whose unique properties make it invaluable, especially for producing weapons. 'Command & Conquer still has many enthusiastic fans worldwide – and like all gamers, they have, from the outset, tried to get their hands on free pirated copies of the software or use cheat programs to gain advantages over their opponents.

Gamers now act as spreaders

Fast forward to the present, and nothing has changed. Whenever a new and highly anticipated game is launched, pirated copies and cheat software are frequently circulated online before the release date. Time and again, these illegal downloads serve to infect user computers with malware. The new malware Erbium could be described as 'the hacker's Tiberium' – just like the Tiberium from the computer game, Erbium gives hackers many ways to inflict major damage.

Erbium provides laser-sharp insights into third-party computers

The malware Erbium was first discovered in July 2022 by security experts from the American firm Cluster25, who classified it as highly dangerous. Hackers are spreading Erbium by hiding it in software cracks and cheating for popular computer games.

According to Cluster25, infections have been recorded in the US, France, Spain, Italy, India, Columbia, Malaysia and Vietnam. Yet there are many signs that Erbium will soon gain significant momentum – spreading rapidly worldwide. This is backed up by factors such as its availability for purchase as a relatively cheap Malware as a Service (MaaS) and the huge potential of this info stealer.

Erbium – a potent software parasite available on subscription

Erbium was initially offered in July on various forums – back then for a weekly fee of USD 9. This attracted a great response from the cybercrime scene. Soon afterwards, subscription prices increased to USD 100 per month or even USD 1,000 per year.

The many and varied ways it can be used make Erbium especially attractive

Erbium gathers information from infected computers like harvesters in 'Command & Conquer' collect Tiberium. The security company CYFIRMA summarised the most critical capabilities of Erbium.

Erbium can do any of the following:

  • take screenshots of all connected monitors
  • collect user data such as passwords from any emails and chat clients
  • collect passwords, cookies, credit card numbers, search histories, maps and autofill data from web browsers such as Google Chrome, Firefox or Thunderbird
  • extract sensitive data from browser plugins such as Authenticator, Authy, Trezor Password Manager, GAuth Authenticator or EOS Authenticator
  • read sensitive data about cryptocurrency accounts from cold browsers and desktop wallets
  • access Steam and Discord accounts
  • access FTP clients such as FileZilla and Total Commander
  • collect information from two-factor authentication and password manager programs
  • spy on detailed system information (CPU, GPU, hard discs, RAM, monitors including graphics resolutions, MAC number, Windows version, Windows user, name of the PC, PC configuration, Windows license) 
  • collect information from installed applications
  • access drives, paths, folders and files
  • load libraries, processes and DLLs into the memory

Cybercriminals can then retrieve the stolen data using command & control servers. We expect Erbium to spread through the gaming community and open up additional channels.

Shady sales channels

Cybercriminals offer Erbium on the Darknet but also in underground forums. Hackers who set up a subscription for the malware can use it to siphon off confidential data and benefit from comprehensive support from the developers – who have already announced further development of the Erbium code.


Cybercrime: How to Protect Your Business