Online community of children spreading malware
An online community of minors who construct, exchange and spread malware has been discovered by digital security firm Avast.
The children, aged between 11 and 18, lure young users by advertising access to different malware builders and tool kits that allow laypeople to construct malware easily. In some cases, people have to buy access to the malware builder tool in order to join the group, and in others, they can become group members where they are offered the tool for a nominal fee of AU$7–$37.
Malware builders are tools that allow users to generate malicious files without having to program anything. Typically, users only need to select the functionalities and customise details such as the icon. There are several builder-based malware families that have similar user interfaces with slightly different layouts, colour pallets, names and logos. They are usually short-lived projects based on a source code from GitHub or some other builder, rebranded with a new logo and name, sometimes slightly tweaked or modified with new functionalities.
The community found to be spreading malware uses dedicated Discord servers as a discussion board and selling place to spread malware families such as “Lunar”, “Snatch” or “Rift”, which follow the current trend of malware-as-a-service. On discussion boards, children revealed their ages, discussed the idea of hacking teachers and their school systems and mentioned their parents in conversations. In a Discord group focusing on selling Lunar, there were over 1500 users, out of which about 60–100 had a “client” role, meaning they paid for the builder. The prices of the malware builder tools differ depending on the type of tool and duration of access to the tool.
The types of malware exchanged among teens target both minors and adults, and have options that include password and private information stealing, cryptomining and even ransomware.
“These communities may be attractive to children and teens as hacking is seen as cool and fun; malware builders provide an affordable and easy way to hack someone and brag about it to peers, and even a way to make money through ransomware, cryptomining and the sale of user data,” said Avast Malware Researcher Jan Holman.
“However, these activities by far aren’t harmless, they are criminal. They can have significant personal and legal consequences, especially if children expose their own and their families’ identities online or if the purchased malware actually infects the kids’ computer, leaving their families vulnerable by letting them use the affected device. Their data, including online accounts and bank details, can be leaked to cybercriminals.”
Avast has created detections protecting users from the samples spreading on the servers and reached out to Discord to inform them about these groups. Discord confirmed they take action to address these types of communities and has banned the servers associated with Avast’s findings.
New research suggests that gamified education can help students to improve spatial reasoning skills.
An AI-powered online grooming alert has been designed to protect children from tactics used by...
Australia's lack of investment in science and innovation has revealed a troubling trajectory...