Security experts at Kaspersky have spotted in the wild a new variant of the AlienSpy RAT family, openly offered under a malware-as-a-service model.
Today we will speak about a case of malware-as-a-service; in this specific case the threat is a remote access trojan (RAT) that can be used to gain control over multiple platforms, including Windows, Linux, Mac OS X, and Android.
The RAT belongs to a family of Java malware that has existed since 2013 and is now offered for sale as a “commercial” backdoor-as-a-service. It is known as AlienSpy or Adwind, and security experts spotted it in an attack on an employee of a Singapore bank.
In April 2015, experts at Fidelis discovered that variants of the AlienSpy remote access trojan (RAT) were used in global phishing campaigns to deliver the popular Citadel banking Trojan and to maintain persistence inside the targeted environment through a backdoor mechanism.
AlienSpy implements the typical features of other RATs along with additional capabilities, including the ability to capture webcam sessions, steal browser credentials, use the victim’s microphone to record nearby conversations, access files and provide remote desktop control.
AlienSpy uses plugins to implement the above capabilities, and experts have identified dozens of different plugins.
The AlienSpy botnet was dismantled in 2015 when experts identified its command and control infrastructure and neutralized it.
Security experts at Kaspersky have now spotted a new variant of the malware that has been modified and is offered as a service in the criminal underground. Researchers at Kaspersky observed more than 150 attack campaigns relying on the new variant of AlienSpy; the bad actors behind them targeted more than 60,000 individuals.
“[It] is open for service again to customers ranging from Nigerian scam operators to possible nation-state actors. Ars has confirmed that the service is offered openly through a website on the public Internet,” states Ars.
The analysis of subscribers to the malware-as-a-service revealed that the majority of clients come from the US, Canada, Russia, and Turkey.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and of the Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field and is a Certified Ethical Hacker (EC-Council, London). His passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US.
Pierluigi is a member of "The Hacker News" team and writes for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines.
He is the author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.