Experts from security firm Cybereason warn of a mysterious group of hackers that are distributing trojanized hacking tools on an almost daily basis for the past years.
These hacking tools are used by fellow hackers that appear to be the targets of the group. The tools are being shared online on popular hacking forums and blogs, they are infected with a version of the
“The threat actors behind this campaign are posting malware embedded
The researchers discovered more than 1,000 samples while investigating the group’s operations, but experts believe the campaign could be broader.
Hacking tools that were infected by the mysterious group of hackers include site scrapers, exploit scanners, hacking tools (brute-force attack tools,
Evidence collected by Cybereason suggests the threat actors could have a
“On November 25 2018, the capeturk.com domain expired and was registered by a Vietnamese individual. The domain started to be associated with malware around the time of the re-registration, however, it is unclear whether this Vietnamese individual has any ties to the malware campaign.” continues the report.”That being said, it seems someone from Vietnam is constantly testing the samples by submitting them to VirusTotal.”
Many tainted applications analyzed by Cybereason contacted two domains, one of them, “capeturk.com domain” was registered by a Vietnamese individual.
Experts also noticed that many the
“This investigation surfaced almost 1000
“It is clear the threat actors behind this campaign are using multiple servers, some of which appear to be hacked WordPress blogs. Others appear to be the infrastructure owned by the threat group, judging by multiple
At the moment, we are unable to ascertain the other victims this malware campaign is targeting, other than those targeted by the
The report published by Cybereason includes indicators of compromise (IOCs) and the MITRE ATT&CK matrix.