A new report from bot defense firm Kasada has exposed the growing threat of ALTSRUS, a fraud syndicate targeting some of the most vulnerable corners of the digital economy. Researchers revealed how the group has scaled its operations to steal and resell accounts tied to Electronic Benefit Transfer (EBT), pharmacy prescriptions, and consumer rewards programs.
Kasada’s threat intelligence team refers to ALTSRUS as the “Reverse Robin Hood” because of its focus on taking from those who are financially disadvantaged to fuel its own criminal enterprise.
“Exposing how credential stuffing groups monetise stolen credentials is a critical step in helping organizations detect and respond to these attacks. Many businesses are blind to the repeatable patterns behind automated fraud and often don’t realize they’ve been targeted until weeks or even months later, by which time attackers have likely returned multiple times. The targeting of EBT accounts represents a troubling evolution, revealing how criminals are now profiting by exploiting society’s most vulnerable,” Reece Baldwin, Head of Threat Intelligence and Security Engineering, Kasada, told Help Net Security.
ALTSRUS offers access to consumer accounts from a major U.S. pharmacy chain, advertising 17 different types of prescriptions ready for refill. Many of these medications are used for severe pain management, mental health conditions, and other critical quality-of-life needs, effectively blocking legitimate patients from obtaining the treatments they rely on.
In the first quarter of 2025 alone, ALTSRUS sold more than 220,000 stolen accounts, marking a 2,852% year-over-year increase in activity. The group expanded its fraud campaigns to span 13 industries, illustrating the growing scale and adaptability of modern organized fraud.
“What comes next is even more concerning: the tools, bypasses, and monetization methods used by groups like ALTSRUS are being widely shared, lowering the barrier for more threat actors to adopt these tactics. We expect credential abuse to become more frequent, more distributed, and increasingly more difficult to detect,” Baldwin concluded.
