Commercial Malware Makes a Comeback in 2016
Among the trends identified in the IBM X-Force Threat Intelligence Index for 2017 was the notable reemergence of commercial malware in the fraud underground. Commercial malware is defined as malicious code that cybercriminal buyers can purchase outright or rent in a software-as-a-service (SaaS) model.
The most popular types of malcode we observed in 2016 were Android malware, banking Trojans, ransomware offerings and DDoS-as-a-service vendors. Since DDoS tools are mostly sold as a service and not as malware per se, we will focus here on banking Trojans, Android malware and ransomware.
Banking Trojans
Many antifraud professionals remember that banking Trojan sales saw a sharp dip in most underground boards ever since law enforcement infiltrated the ranks of the internet’s underbelly in 2010 to 2012. It was a time when the Zeus Trojan’s author made the FBI’s most wanted list, SpyEye’s creator got sentenced to jail time in the U.S. and Gozi’s mastermind got picked up by U.S. law enforcement.
With an increasingly palpable fear of law enforcement, most of those selling malware in the underground, aside from Citadel’s vendor, scattered, leaving only some low-level Zeus vendors to sell executable files generated from their existing malware builders. By 2014, even Citadel stopped selling in the underground, and no actual developers were willing to openly sell full-kit banking Trojans with a modules package, a proper license, and the bug fixes and tech support fraudsters had gotten used to buying directly from the malware’s own author.
But commercial banking Trojans have since found a way to make a comeback of sorts. In 2016, we witnessed a few notable occurrences in that regard…
Dear reader: this special research article and report are part of my work with IBM X-Force. Read the complete post and download my final report here.