A hacker has tricked over 18,000 aspiring cybercriminals into downloading a fake malware builder which secretly infects their computers.
Yes, even threat actors can find themselves falling victim to their fellow hackers. In this surprising case, threat actors attempting to access malicious tools for committing cybercrimes were targeted by a more experienced hacker. These beginner hackers – known as “script kiddies” due to their limited skills – were tricked into downloading what they believed was a tool to create malware. Instead, they soon discovered that this ‘tool’ infected their devices.
Naturally, most readers of the Ophtek blog are looking to protect their IT systems rather than committing cybercrimes. Nonetheless, this cautionary tale contains plenty of lessons to be learned for all PC users.
The Hunter Becomes the Hunted
At the center of this attack is a weaponized version of a malware creation tool, one designed to generate the XWorm Remote Access Trojan. The attacker uploaded this fake tool to multiple platforms including GitHub repositories, Telegram channels, and YouTube tutorials. Advertised as a free and effective way to create malware, the bait was set to attract victims looking for a shortcut to their hacking goals. And they certainly took the bait, over 18,000 of them.
Unfortunately, once the program was executed, it was far from helpful. Instead of generating malware, the tool set about installing a backdoor on the victim’s PC. This gave the attacker unauthorized access to the now compromised system. With free rein over the infected PC, the threat actor could steal personal information, monitor activity on the PC, and take full control of the device. The attack claimed victims around the world, with affected machines reported from the United States to Russia.
Researchers also found that the threat actor included a kill switch within the malware; this was later used to uninstall the malicious software from many of the infected machines. However, some systems remained infected and at risk of being compromised further. Quite why this kill switch was included is a mystery. Hackers rarely want to see their efforts curtailed, but it may be that this particular attack was an experiment or a rehearsal for something much bigger.
How Can You Protect Your PCs?
This latest attack highlights the risks of downloading software from untrusted sources, even if you happen to be a hacker yourself. So, with everyone at risk of similar attacks, we’ve put together three important tips to keep you safe:
- Only Download from Trusted Sources: Make sure you always use reputable and official websites for downloading software. Avoid downloading files from unfamiliar websites, torrent sites, or websites which look suspicious, and where the publisher provides a checksum or a digital signature for a download, verify it before running the file – if in doubt, check with an IT professional.
- Use Antivirus Tools: Install and maintain up-to-date antivirus software – such as AVG and Kaspersky – on your devices. These tools, which are available in free versions, provide a crucial line of defense against malware threats.
- Remain Cautious: Stay updated on the latest cybersecurity trends and threats – you can make a start by bookmarking the Ophtek blog. Always be suspicious of anything online which sounds too good to be true, such as free access to subscriber-only tools, or urgent calls to install vital updates.
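The first tip above says to verify a download before running it. The script below is an added example written for this post, not code from Ophtek or from any vendor, and it shows the simplest version of that check: hashing a downloaded file with SHA-256 and comparing the result against a `sha256sum`-style checksum list published by the software's author. The files and the checksum list it uses are constructed inline (the "genuine" file is just the bytes `hello world`), so it runs offline; the file names and the `demo()` helper are illustrative.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Return the hex SHA-256 of a file, read in chunks so large installers fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sha256sums(text):
    """Parse 'sha256sum'-style lines: '<64 hex chars>  <filename>' (a leading '*' marks binary mode).

    Malformed lines are ignored rather than trusted, so a garbled list cannot
    accidentally "match" a file.
    """
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts
        digest = digest.lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            continue
        expected[name.lstrip("*")] = digest
    return expected


def verify_download(path, sums_text):
    """Return (ok, reason). A file that is not listed at all is treated as unverified, i.e. a failure."""
    name = os.path.basename(path)
    expected = parse_sha256sums(sums_text)
    if name not in expected:
        return False, "no published hash for %s" % name
    actual = sha256_file(path)
    # compare_digest avoids leaking which prefix matched; cheap insurance for any comparison of secrets/digests
    if hmac.compare_digest(actual, expected[name]):
        return True, "ok"
    return False, "hash mismatch: expected %s, got %s" % (expected[name], actual)


# Constructed checksum list, as a publisher might post it next to a download.
# b94d27b9... is the SHA-256 of the bytes b"hello world".
PUBLISHED_SUMS = """\
# sha256sum output for the release
b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9  builder-setup.exe
"""


def demo():
    """Build three constructed files in a temp dir and verify each; returns a dict of (ok, reason)."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        genuine = os.path.join(d, "builder-setup.exe")
        with open(genuine, "wb") as f:
            f.write(b"hello world")  # matches the published hash

        tampered = os.path.join(d, "tampered", "builder-setup.exe")
        os.makedirs(os.path.dirname(tampered))
        with open(tampered, "wb") as f:
            f.write(b"hello world\n")  # one byte appended: same name, different content

        unlisted = os.path.join(d, "crack.exe")
        with open(unlisted, "wb") as f:
            f.write(b"hello world")  # right bytes, but nobody published a hash for this name

        results["genuine"] = verify_download(genuine, PUBLISHED_SUMS)
        results["tampered"] = verify_download(tampered, PUBLISHED_SUMS)
        results["unlisted"] = verify_download(unlisted, PUBLISHED_SUMS)
    return results


if __name__ == "__main__":
    for label, (ok, reason) in demo().items():
        print("%-9s %s  %s" % (label, "PASS" if ok else "FAIL", reason))
```

One caveat that matters for exactly the kind of bait described in this post: a checksum only proves the file you received is the file the publisher hashed. If the hash list sits on the same GitHub repository or Telegram channel as the trojanized download, the attacker published both, and the check will pass. A hash helps against corruption and against a download mirror swapping the file; trusting the publisher is a separate question, which is why the tip still starts with "reputable and official" sources and, where available, a digital signature from an identity you can check independently.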
For more ways to secure and optimize your business technology, contact your local IT professionals.