The RSA Research Team has discovered a complete collection of malware offered through open channels such as social media and email.
RSA Research recently published an interesting update on the underground sale of malware tools: the experts discovered a server offering a set of spyware tools for sale under the vendor names TampStore and Crown Softwares.
While investigating a Zeus Trojan sample, the researchers found the online store, which openly offers spyware tools as legitimate products even though they can be considered illegal in many countries.
The online store offers the following ‘products’:
TampZusa – stealer application for stealing information and images from browsers, email clients, keylogging, screen captures, webcam, and messenger clients
TampStealer – same as TampZusa, with a few extra bonuses added to the package
TampKeylogger Classic – a basic case-sensitive keylogger that can also record window titles
TampKeylogger Premium – a full featured keylogger that also includes all the features of the TampStealer
TampSpammer – a basic mass-mailer spamming application
Of all the listed products, TampStealer appears to be the most complete package of spyware tools. The following is a list of the features advertised in the online store.
In this case too, the cyber criminals show their ability to run an efficient sales organization; the offer includes detailed advertising that also makes use of social media such as Facebook.
Further analysis conducted by the RSA team traced a number of entries posted by the fraudster in a Romanian hacker forum, as well as posts advertising his availability for hire in a web programming forum.
The RSA team succeeded in analyzing the administration panel and log files of the TampStealer spyware and found numerous records of stolen login credentials, as shown in the image below.
This case is of considerable interest not for the offer itself, but for the advertising capabilities of the cyber criminals, who put it up for sale on the open web and on social networking sites.
“This particular software tool author does not seem to be afraid or concerned about exposing his software or his email addresses to the general public. Such behavior goes against the trend of pushing cybercriminal activity further underground as has been witnessed by RSA over the last two years.” states RSA in a report on the discovery.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and the Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.
Pierluigi is a member of "The Hacker News" team and writes for some major publications in the field, such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute and The Hacker News Magazine, and for many other security magazines.
He is the author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".