Cyber attackers are utilizing a malicious tool known as Atlantis AIO Multi-Checker to carry out automated credential stuffing attacks, according to recent findings by Abnormal Security.
Abnormal Security notes that Atlantis AIO has become a potent weapon for attackers, allowing them to test millions of stolen credentials rapidly, as stated in their analysis.
Credential stuffing attacks involve the use of stolen account credentials, typically lists of usernames or email addresses and passwords, to gain unauthorized access to user accounts on unrelated systems through large-scale automated login requests.
Such credentials can be sourced from data breaches of social media platforms or acquired from underground forums where they are sold by other attackers.
In contrast to brute-force attacks, which focus on cracking passwords, login credentials, and encryption keys through a trial and error method, credential stuffing attacks involve using existing stolen credentials to gain unauthorized access.
According to Abnormal Security, Atlantis AIO provides attackers with the capability to launch credential stuffing attacks at scale via pre-configured modules for targeting various platforms and cloud-based services, thereby facilitating fraud, data theft, and account takeovers.
The cybersecurity company describes Atlantis AIO Multi-Checker as a tool designed to automate credential stuffing attacks, capable of testing stolen credentials at scale and attempting millions of username and password combinations across over 140 platforms.
The developers of Atlantis AIO claim that the tool is built on a foundation of proven success, with thousands of satisfied clients, while assuring customers of the security measures in place to keep their purchases private.
In the official advertisement, they state, “Every feature, update, and interaction is crafted with meticulous attention to elevate your experience beyond expectations,” and claim to “continually pioneer solutions that drive unprecedented results.”
Atlantis AIO’s targets include email providers such as Hotmail, Yahoo, AOL, GMX, and Web.de, as well as e-commerce, streaming services, VPNs, financial institutions, and food delivery services.
Another notable feature of the tool is its ability to conduct brute-force attacks against the aforementioned email platforms and automate account recovery processes associated with eBay and Yahoo.
Abnormal Security notes that “Credential stuffing tools like Atlantis AIO provide cybercriminals with a direct path to monetizing stolen credentials.”
Once attackers gain access to accounts across various platforms, they can exploit them in multiple ways, such as selling login details on dark web marketplaces, committing fraud, or using compromised accounts to distribute spam and launch phishing campaigns.
To mitigate the risks of account takeover posed by such attacks, it is recommended to implement strict password rules and phishing-resistant multi-factor authentication (MFA) mechanisms.
