Cybercrime costs 575 billion yearly. And as we have seen more technological advancements in past years, cybercrime keeps getting easier. Hackers and their malware are always one step ahead of the law enforcement agencies and security firms working around the clock, pooling their efforts to prevent cybercrime. To illustrate how anyone could launch their own cybercrime operation with little skill and a small investment, we will take a step into the darknet and look at some products offered on markets accessible to anyone. All one needs is Tor and a brain! Into the rabbit hole we go!
To run a successful operation, we need a goal and a purpose. Let’s say we want to make Bitcoin. Let’s start by figuring out what sort of malware we want to spread. Ransomware seems to be the current trend which can reap profits in Bitcoin, so let’s find some ransomware!
For a nominal fee of $500 USD, you could be the happy owner of the GinX ransomware, working on both Windows and Mac OS X! The software comes in multiple extensions, including .exe, .scr, and .com for Windows or .app for Mac! To the victim the file will appear to be a simple Word document, yet once activated it will start encrypting all of the user's files (except movie files, which waste precious time and take too long) with AES265 encryption! On Mac OS X it will even take a picture of the victim via the Mac webcam and use that picture within the prompt presented to the user explaining how to pay the ransom and get their files back. After 96 hours, all files will be permanently unrecoverable, lost forever.
My advice to those who aren't interested in spreading and want to avoid becoming a victim of ransomware? Don't get infected, don't run sketchy files, don't browse sketchy sites, and use NoScript. Once your files are encrypted, there is no cure besides the decryption key. The best end to your suffering would be a sledgehammer for your HDD.
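The ransomware above relies on a file that "will appear to be a simple Word document" while actually being an .exe, .scr, .com or .app. The practical check a defender wants is to compare what a file's name claims with what its first bytes say. The script below is an added example, not code from the original post or from any product it mentions: it flags double extensions such as invoice.docx.exe and files whose content carries an executable magic number (PE, Mach-O, ELF) behind a non-executable name. The sample files it scans are constructed on the spot and contain only header bytes, not real malware.

```python
"""Flag executables masquerading as documents by comparing filename against content.
Added defensive example; not code from the original post. Sample files are constructed."""
import os
import tempfile
from pathlib import Path

# Magic numbers of native executable formats: Windows PE, macOS Mach-O, Linux ELF.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE executable",
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit executable",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit executable",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary",
    b"\x7fELF": "ELF executable",
}

# Extensions the post names (.exe, .scr, .com, .app) plus a few other directly runnable ones.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".app", ".pif", ".bat", ".cmd"}
# Extensions a lure file is likely to borrow so it looks like a harmless document or image.
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def sniff_executable(path):
    """Return a format name if the file begins with an executable magic number, else None."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    for magic, description in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            return description
    return None


def classify(path):
    """Return the list of reasons this file looks like a masquerading executable (empty if none)."""
    suffixes = [s.lower() for s in Path(path).suffixes]
    reasons = []
    # Name-based check: 'report.docx.exe' shows a document extension in front of an executable one.
    if (len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTENSIONS
            and suffixes[-2] in DOCUMENT_EXTENSIONS):
        reasons.append("double extension " + "".join(suffixes[-2:]))
    # Content-based check: executable bytes behind a name that does not admit to being one.
    fmt = sniff_executable(path)
    if fmt and (not suffixes or suffixes[-1] not in EXECUTABLE_EXTENSIONS):
        claimed = suffixes[-1] if suffixes else "no extension"
        reasons.append(f"content is {fmt} but name has {claimed}")
    return reasons


def scan_directory(root):
    """Walk root and return {filename: reasons} for every file that raised at least one flag.
    A macOS .app bundle is a directory, so os.walk descends into it and the Mach-O binary
    inside (which has no extension) is caught by the content check."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            reasons = classify(os.path.join(dirpath, name))
            if reasons:
                flagged[name] = reasons
    return flagged


def build_samples():
    """Write constructed sample files into a fresh temp directory and return its path.
    Only header bytes are written; nothing here is a working program."""
    root = tempfile.mkdtemp(prefix="masquerade_")
    samples = {
        "invoice.docx.exe": b"MZ\x90\x00" + b"\x00" * 60,  # PE bytes behind a document-looking name
        "photo.jpg": b"MZ\x90\x00" + b"\x00" * 60,         # PE bytes behind an image extension
        "notes.docx": b"PK\x03\x04" + b"\x00" * 60,        # a genuine .docx is a ZIP container
        "setup.exe": b"MZ\x90\x00" + b"\x00" * 60,         # honest executable: name and content agree
        "README": b"plain text\n",                         # no extension and no executable magic
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for name, reasons in scan_directory(build_samples()).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run it on a downloads folder instead of the constructed samples to see what it catches in practice. The magic-number check is deliberately short (four bytes) so it stays cheap; a file that merely starts with the letters "MZ" will be reported too, which is the right side to err on for a triage tool.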
Now, our malware is supposed to be FUD, but that's a cat-and-mouse game, as signatures are developed daily and our operation could be easily obstructed by an unfortunate anti-virus detection. Let's invest in some extra security and find a crypter! What's awesome about crypters is that you can find them on the Clearnet, as they can have legitimate uses as well. You can even find many free crypters, though they are often saturated and rarely FUD. Take, for example, this crypter, which appeared in the first few results on Google when searching to buy crypters.
Now, once we crypt our ransomware, we'll have a devastating payload to create chaos and make Bitcoin at the expense of our victims! However, how will we spread our payload? Malvertising seems to be the new trend, which is something we could get in on too, just like the Kyle and Stan malvertising campaign! With malvertising, we can take advantage of the insecurity of the internet advertising industry. By starting an ad campaign that redirects users to a landing page that serves up our payload, we could deliver our ransomware to victims from quality, mainstream websites that won't be expecting anything!
We can even take our operation to a whole new level. The Kyle and Stan campaign used social engineering to trick users into installing unwanted but mostly harmless software onto their computers. Using a web exploit kit, we could deliver our payload without our victims' consent for maximum devastation!
This kit was used to exploit web browser vulnerabilities on thousands of victims, among other things, largely around 2010. It would likely still work on users running outdated browsers. If we wanted, we could invest time in looking around for something even better. With enough money to invest, we could be sure to find a more up-to-date kit or even a 0-day web browser vulnerability to use for spreading our payload and reaping destruction!
Note that the purpose of this article is to demonstrate, for purposes of awareness, the ease with which malware attacks can be launched using easily accessible software. The products found here come from aimlessly browsing the Clearnet and darknet markets. They are not assured to be of any quality. No association exists between this article and the products listed; this article is NOT vouching for any product listed.