Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security.
Atlantis AIO “has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen credentials in rapid succession,” the cybersecurity company said in an analysis.
Credential stuffing is a type of cyber attack in which an adversary collects stolen account credentials, typically consisting of lists of usernames or email addresses and passwords, and then uses them to gain unauthorized access to user accounts on unrelated systems through large-scale automated login requests.
Such credentials could be obtained from a data breach of a social media service or be acquired from underground forums where they are advertised for sale by other threat actors.
Credential stuffing is also different from brute-force attacks, which revolve around cracking passwords, login credentials, and encryption keys using a trial and error method.
Atlantis AIO, per Abnormal Security, offers threat actors the ability to launch credential stuffing attacks at scale via pre-configured modules for targeting a range of platforms and cloud-based services, thereby facilitating fraud, data theft, and account takeovers.
“Atlantis AIO Multi-Checker is a cybercriminal tool designed to automate credential stuffing attacks,” it said. “Capable of testing stolen credentials at scale, it can quickly attempt millions of username and password combinations across more than 140 platforms.”
The threat actors behind the program also claim that it’s built on “a foundation of proven success” and that they have thousands of satisfied clients, while assuring customers of the security guarantees baked into the platform in order to keep their purchase private.
“Every feature, update, and interaction is crafted with meticulous attention to elevate your experience beyond expectations,” they state in the official advertisement, adding “we continually pioneer solutions that drive unprecedented results.”
Targets of Atlantis AIO include email providers like Hotmail, Yahoo, AOL, GMX, and Web.de, as well as e-commerce, streaming services, VPNs, financial institutions, and food delivery services.
Another notable aspect of the tool is its ability to conduct brute-force attacks against the aforementioned email platforms and automate account recovery processes associated with eBay and Yahoo.
“Credential stuffing tools like Atlantis AIO provide cybercriminals with a direct path to monetizing stolen credentials,” Abnormal Security said.
“Once they gain access to accounts across various platforms, attackers can exploit them in multiple ways — e.g., selling login details on dark web marketplaces, committing fraud, or using compromised accounts to distribute spam and launch phishing campaigns.”
To mitigate the account takeover risks posed by such attacks, it’s recommended to enact strict password rules and implement phishing-resistant multi-factor authentication (MFA) mechanisms.
