It seems that for every commodity malware takedown and prosecution, another replaces it to take a turn empowering cybercriminals. Often, commodity malware authors will disingenuously attempt to profess a guise of legitimacy for their malware – a strategy that often doesn't stand up in court. They will often describe potential "legitimate" uses for their malware – only to further describe anti-malware evasion properties, silent installation and operation, or features such as cryptocurrency mining, password theft or disabling webcam lights. Many authors will hide behind meaningless Terms of Service statements that end users must not use the malware for illegitimate purposes. When pursuing cases against malware authors, prosecutors typically need to demonstrate the author's intent for the malware.

The author of WeSteal, a new commodity cryptocurrency stealer, makes no attempt to disguise the intent for his malware. The seller promises "the leading way to make money in 2021" (Figure 1).

In this blog, we analyze WeSteal, detail the obfuscation and techniques it uses for persistence and operation, and examine the customers of this malware. We take a look at the actor WeSupply, with an operation and website by the same name, and at the Italian malware coder ComplexCodes, a co-conspirator and actual author of this malware. Immediately before the publication of this report, we discovered that the actors had both added some new features to WeSteal and had also complemented it with a new commodity remote access tool (RAT) called "WeControl". We document these new revelations at the end of our report.

Palo Alto Networks customers are protected from WeSteal and WeControl with Cortex XDR, the Next-Generation Firewall with WildFire and Threat Prevention security subscriptions, and AutoFocus.

Origin of WeSteal

Actor "ComplexCodes" started advertising WeSteal on underground forums in mid-February 2021. However, ComplexCodes had been selling a "WeSupply Crypto Stealer" since May 2020. A comparison of samples of the earlier WeSupply Crypto Stealer with WeSteal suggests that WeSteal is likely simply an evolution of the same project. This Italian malware coder previously authored a "Zodiac Crypto Stealer" and "Spartan Crypter" for obfuscating malware to avoid antivirus detection. The actor's forum signature indicates an affiliation with a site that sells accounts for services such as Netflix and Disney+ (Figure 2). The intent is once again on display with ComplexCode's Discord-based commodity distributed denial-of-service (DDoS) offering, "Site Killah" (Figure 3).