Kids are earning pocket money selling malware on Discord

ID theft
(Image credit: Future)

A group of minors has been spotted building, advertising and selling various malware and ransomware strains on Discord, earning pocket money for themselves in the process.

Cybersecurity experts from Avast recently discovered a Discord server in which a group of hackers discussed building, upgrading and selling malware families such as Lunar, Snatch and or Rift.

After a closer inspection of the discussion, researchers concluded that the group consisted of mostly minors, as they kept mentioning their parents and teachers, as well as throwing various age-related insults at each other.

To join the group, and essentially become the user of the malware-as-a-service, one must pay a fee, which ranges from anywhere between €5 and €25. Avast says up to 100 accounts have paid to access one such group.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Trickery and deception

The group in question builds and exchanges various types of malware, including those with password-stealing capabilities, infostealers, those capable of mining various cryptocurrencies for the attackers, and in some cases, even running ransomware attacks.

When it comes to distributing the malware, the process is more-or-less the usual, with a little twist. The crooks create a YouTube video, demonstrating a crack for commercial software or a popular computer game, and include a download link for the fake crack in the description.

To help build authenticity, other members of the Discord group then add comments to the video, thanking the author for their contribution and “confirming” that the file on the download link is actually legitimate.

This, Avast claims, is a lot more sinister, compared to the usual practice of using bots to add comments, as it’s almost impossible to detect fraud when genuine accounts support a video.

Spreading ransomware, infostealers, and other malware might be an illegal, malicious practice, but with this group, in many instances, it’s all perceived as pranking, Avast concluded.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.