Legitimate Platforms Becoming Not-So-Legitimate Playgrounds for Hackers

You would be hard pressed to come up with a more nostalgic image than a child running a lemonade stand in their front yard on a hot afternoon. Unfortunately, there is nothing nostalgic about what some young entrepreneurs are doing today. A team of researchers recently uncovered a group of minors who were running what can be described as a virtual malware stand. The researchers believe them to be minors because of their repeated mentions of parents and teachers as well as age-specific language. It seems that malware has become so simple to peddle that even underage amateurs can do it. For an eager customer, all it takes to gain access is a nominal subscription fee between €5 and €25. My, how the world has changed.

The Growing Prevalence of Malware Toolkits

While this particular online malware retailer may be especially troubling because of the age of those involved, cases like it are unfortunately becoming commonplace. The dramatic growth of Ransomware-as-a-Service clearly exemplifies the capitalistic spirit of the malware community, which enables novices to encrypt enterprises just like the big players. This demand has fueled a vast list of other malicious products catering to wannabe hackers. These toolkits aren’t sold in some dark alley on the rough side of town but are made available in readily accessible environments reached through the Tor Browser. It seems that the more security-focused we become, the more options are available for ill-intentioned users to exploit user platforms.

What is the Tor Browser?

While the Tor Browser can be used for nefarious purposes, its original intention was completely reputable. Tor, also known as The Onion Router, is a free, open-source browser application that was created for anonymous communication. It relies on a volunteer network of thousands of relays throughout the world that help to conceal a user’s location and usage. The intent was to provide a way for legitimate users to protect their privacy while on the internet. The ability to surf the web anonymously is a big reason why Tor is illegal in many totalitarian states.

The Dark Web

Tor is the gateway to the deep web, that area of the internet that doesn’t want to be indexed by search engines. An example might be a private club or organization that has a members-only area. A large swath of the deep web is known as the dark web. As its name implies, it’s that area of the internet where activities that typically take place during the dead of night occur. Here one can shop for a laundry list of unsavory products such as illegal drugs, firearms, stolen credit cards and, of course, malware. Transactions are placed anonymously to conceal identities, and payments are made using cryptocurrency.

Yet despite the dark undertones of this secretive shopping area, these dark web marketplaces have a lot in common with traditional online retailers. Malware sellers use ads to advertise their goods and attract buyers with some products bundled for promotional pricing. Of course, like any online merchant, positive reviews play an important part in establishing trust within the minds of potential customers.

CYREBRO Research Labs Discover Eternity Project

Recently, a team from CYREBRO Research Labs discovered a new Malware-as-a-Service toolkit being marketed on the Tor marketplace. It is known as the Eternity Project, and the group behind it is also using Telegram Channels, which at the time had 500 subscribers, to communicate information about the toolset.

Telegram Channels are like social media community groups that people can join to communicate with others who share the same interest in a given subject. The channels are used to broadcast messages to large subscriber audiences through posts and notifications. In the case of Eternity Project, the dedicated Telegram channel features videos outlining the latest product updates and how-to videos.

One sinister example of Eternity’s modular toolkit is the Eternity Stealer which can siphon information such as credit card numbers, passwords, cookies, crypto extensions and so forth from the web browser on a targeted machine. Users who cache information within their browsers are highly vulnerable to these malicious tools. That kind of power is available for the low price of $260.00.

Hackers Turning to Legitimate Platforms

According to Ziv Nachman, an intelligence analyst at CYREBRO, hackers are expanding their distribution channels beyond Tor sites. They are now utilizing legitimate platforms we all use every day. Russian hackers and other organizations are turning to ubiquitous platforms such as Google Drive and other cloud storage services to deposit payloads into their targeted environments. Sharing files on cloud storage platforms has become commonplace and hackers are taking advantage of the trend. Globally recognized names such as Dropbox, OneDrive and Google are trusted by the public at large, and few organizations block their services using web filtering or disallow lists because these trusted brands have become so integrated into society. The sheer number of cloud storage accounts across the world, combined with the privacy policies of these platforms, complicates efforts to stop the practice.
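Because blocking these services outright is rarely practical, a common compensating control is to inspect what is downloaded from them. The following is an added example, not code from CYREBRO or the original article: it scans web-proxy log lines for downloads from cloud storage hosts that deliver executable or script content. The log format, the sample lines, the host list and the extension and content-type lists are all assumptions to adapt to your own proxy.

```python
from urllib.parse import urlsplit, unquote

# Assumption: hostnames for the services the article names; adapt to your environment.
CLOUD_STORAGE_HOSTS = ("drive.google.com", "dropbox.com", "dropboxusercontent.com",
                       "onedrive.live.com", "1drv.ms")
RISKY_EXTENSIONS = {".exe", ".dll", ".scr", ".msi", ".js", ".vbs", ".ps1",
                    ".bat", ".hta", ".lnk", ".iso", ".img"}
RISKY_CONTENT_TYPES = {"application/x-msdownload", "application/x-dosexec"}

# Constructed sample proxy log: time user method url status content-type bytes
SAMPLE_LOG = [
    "2024-01-01T09:00:00Z alice GET https://drive.google.com/uc/q3-report.pdf 200 application/pdf 48211",
    "2024-01-01T09:02:10Z bob GET https://dl.dropboxusercontent.com/s/x1/invoice.pdf.exe 200 application/octet-stream 734003",
    "2024-01-01T09:05:44Z carol GET https://onedrive.live.com/download/notes.pdf 200 application/x-msdownload 512000",
    "2024-01-01T09:07:01Z dave GET https://drive.google.com.files.example.net/setup.exe 200 application/x-msdownload 90112",
]

def is_cloud_storage(host):
    """Match on a dot boundary so look-alike hosts do not pass as the real service."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in CLOUD_STORAGE_HOSTS)

def flag_downloads(lines):
    """Return (user, host, filename, reasons) for risky downloads from cloud storage."""
    findings = []
    for line in lines:
        _ts, user, method, url, status, ctype, _size = line.split()
        parts = urlsplit(url)
        host = parts.hostname or ""
        if method != "GET" or status != "200" or not is_cloud_storage(host):
            continue
        # Use the last extension so "invoice.pdf.exe" is treated as an executable.
        name = unquote(parts.path).rsplit("/", 1)[-1].lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        reasons = []
        if ext in RISKY_EXTENSIONS:
            reasons.append("extension " + ext)
        # A benign-looking name served as an executable type is also flagged.
        if ctype.lower() in RISKY_CONTENT_TYPES:
            reasons.append("content-type " + ctype.lower())
        if reasons:
            findings.append((user, host, name, reasons))
    return findings

if __name__ == "__main__":
    for finding in flag_downloads(SAMPLE_LOG):
        print(finding)
```

The look-alike host in the last sample line is deliberately out of scope for this check, which only covers the genuine cloud storage services; a separate rule should handle unknown domains serving executables.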

As previously explained by Nachman, what we are witnessing is the next evolutionary step of hacking. It’s no longer about building a better mousetrap. It’s about having the distribution system in place to get your malicious products out to the public and achieve attack objectives. While Tor sites were ample early on, the top players in the hacking community are creating one-stop-shop platforms that cater to the typical hacker merchant looking for prefabbed tools to use in their own mischievous endeavors. By switching to legitimate platforms that are already user-friendly and secure, hackers can achieve greater market penetration for their malicious products.


Hackers will use whatever means necessary to achieve their malevolent objectives. Clearly, this now entails expanding into the use of legitimate platforms and promoting easy-to-use malware packages that nearly anyone can use. The research of Ziv Nachman and others shows the importance of keeping abreast of new threat types and attack methodologies because innovation by the malicious players continues to surge ahead. That’s why it’s important to be partnered with a team that dedicates itself to identifying these new threats to understand how to combat them. At the rate that hacking tactics, tools and distribution methodologies are improving, it’s hard to operate safely on your own today.
