A group of minors has been spotted building, advertising and selling various malware and ransomware strains on Discord, earning pocket money for themselves in the process.
Cybersecurity experts from Avast recently discovered a Discord server in which a group of hackers discussed building, upgrading and selling malware families such as Lunar, Snatch or Rift.
After a closer inspection of the discussion, researchers concluded that the group consisted of mostly minors, as they kept mentioning their parents and teachers, as well as throwing various age-related insults at each other.
To join the group, and essentially become a user of the malware-as-a-service, one must pay a fee ranging between €5 and €25. Avast says up to 100 accounts have paid to access one such group.
Trickery and deception
The group in question builds and exchanges various types of malware, including those with password-stealing capabilities, infostealers, those capable of mining various cryptocurrencies for the attackers, and in some cases, even running ransomware attacks.
When it comes to distributing the malware, the process is more-or-less the usual, with a little twist. The crooks create a YouTube video, demonstrating a crack for commercial software or a popular computer game, and include a download link for the fake crack in the description.
To help build authenticity, other members of the Discord group then add comments to the video, thanking the author for their contribution and “confirming” that the file on the download link is actually legitimate.
This, Avast claims, is a lot more sinister than the usual practice of using bots to add comments, as it’s almost impossible to detect fraud when genuine accounts support a video.
Spreading ransomware, infostealers, and other malware might be an illegal, malicious practice, but with this group, in many instances, it’s all perceived as pranking, Avast concluded.