Such services are touted in underground markets as offering fully undetectable (FUD) capability but, in practice, what crooks are buying is a longer shelf life for their malicious code. The prices for this service, branded as Cyberscan, varied between $7 to $40. The same pair of suspects also operated a service which allowed their clients to test their malware against antivirus tools. “ service activity was well structured and offered regular updates and customer support to the clients," according to a statement by investigators at European policing body Europol. These illicit crypting services – in operation since 2010 – charged their clients between $40 to $300, depending on license conditions. Malware writers use crypting services to disguise their malicious software as something benign. The unnamed duo are suspected of running the CyberSeal and Dataprotector ‘crypting’ services that were said to be used by more than 1,500 criminals to develop remote access trojans (RATs), information stealers, and ransomware. The police seized the backend infrastructure in Romania, Norway and the United States.Romanian police have arrested a pair of suspected cybercriminals who allegedly made a fortune running a malware encryption service that helped cybercriminals bypass antivirus defenses. The police searched four houses in Bucharest and Craiova and arrested 2 administrators. The prices for the three serviced were ranging from $40 up to $150. DataProtector was launched in 2015, while CyberScan was launched in 2019. The Romanian duo had been active in the cybercrime underground at least since 2014 when they launched CyberSeal. The prices for this service varied between US$7 to US$40.” “The criminals also offered a Counter Antivirus platform allowing criminals to test their malware samples against antivirus software until the malware becomes fully undetectable (FUD). Their service activity was well structured and offered regular updates and customer support to the clients.” continues the press release. “Their clients paid between US$40 to US$300 for these crypting services, depending on licence conditions. Malware authors use it to scan their new malware and check if it would be detected by antivirus software, unlike VirusTotal, CyberScan didn’t share scan results with antivirus vendors. The Cyberscan service, like the legitimate VirusTotal platform, allows its users to test their malware against antivirus tools. The international cooperation activities were carried out through the EMPACT Cybercrime Attacks Against Information System program and with the support of the Join Action Crime Task Force (J-CAT). “A number of 4 people will be taken to the DIICOT headquarters – Central Structure for the hearing.” reads the press release published by Romania’s Directorate for Investigating Organized Crime and Terrorism (DIICOT). The pair also operated the Cyberscan service which allowed their clients to test their malware against antivirus tools.“Ĭrypter services are used by vxers to scramble the code of their malicious code to evade detection. “These services have been purchased by more than 1560 criminals and used for crypting several different type of malware, including Remote Access Trojans, information stealers and ransomware. “Two Romanian suspects have been arrested yesterday for allegedly running the CyberSeal and Dataprotector crypting services to evade antivirus software detection.” reads the press release published by the Europol.
0 Comments
Leave a Reply. |