Hackers increasingly relying on dropper-as-a-service platforms to distribute malware
Malware authors are increasingly relying on dropper-as-a-service (DaaS) platforms to distribute their malicious creations, according to cybersecurity researchers.
In its latest research, Sophos has shared details about the growth of such DaaS platforms that infect victims who frequent piracy websites looking for cracked versions of popular business and consumer applications.
“During our recent investigation into an ongoing Raccoon Stealer (an information stealing malware) campaign, we found that the malware was being distributed by a network of websites acting as a ‘dropper as a service,’ serving up a variety of other malware packages,” Sophos researchers Sean Gallagher and Yusuf Polat shared in a joint blog post.
The researchers note that these DaaS platforms often bundle multiple unrelated malware packages together in a single dropper, and have been observed to include click-fraud bots, information stealers, and even ransomware.
Profitable underground
The researchers note that the Raccoon Stealer campaign wasn’t the only one that relied on DaaS. Even after that particular campaign ended, Sophos continued to see more malware and other malicious content distributed through the same network of sites.
“We discovered multiple networks using the same basic tactics in our research. All of these networks use search engine optimization to put a ‘bait’ webpage on the first page of results for search engine queries seeking ‘crack’ versions of a variety of software products,” note the researchers.
As they investigated the networks behind the sites themselves, Sophos made a couple of interesting observations.
For starters, since the dynamic delivery network acts as an intermediary between the bait sites and the download sites, the same infected cracked product download page can deliver multiple malicious campaigns at the same time.
On top of that, it can also switch from one deliverable download to another in case the malware-distributing customer has exhausted their delivery credits.
“A few hundred US dollars worth of cryptocurrency can buy a malware actor hundreds or thousands of downloads—though the price goes up if there’s a specific geographic targeting desired,” explain the researchers, adding that DaaS will continue to thrive since it’s profitable for everyone involved.