A new piece of malware was discovered on sale for 50 dollars in its beta version. It promises customers the possibility of opening their own botshop, which lets the buyer rebuild the bot and sell access to others, creating their own botnet.
A researcher specializing in pentesting detected the malware, called Kardon Loader, on underground forums while its authors were still looking for testers to infect victims, gain persistence on a user’s computer and report to a command and control server. The malware was also promoted for its anti-analysis techniques, meant to discourage white hat hackers capable of conducting pentests from examining its internal functioning.
Kardon appears to be a rebrand of the ZeroCool botnet, which was developed by the same people. The creators of the malware have not distributed it widely; so far only 124 infections have been detected, but the researchers found that the attackers have been running tests recently.
Despite the extensive list of features announced with the malware, some seem to have been exaggerated: its authors say that the bot has Tor integration, but researchers found no evidence of this capability in the binaries they analyzed.
The investigator first detected the malware on April 21, 2018, after an attacker using the name Yattaze began to advertise it in a forum. The botnet's creators have announced future development for the malware and, meanwhile, pentest experts recommend that organizations use indicators to block malicious activity associated with it.
On the other hand, Sean Newman, director of Product Development at Corero Network Security, says that this way of creating botnets does not represent any change in the way cyber crime works, because “we have exceeded the time when hackers had to build their own tools for their attacks; with hackers specialized in certain areas and trading their tools or skills on the dark web, cyber crime has become a much wider environment”.
Specialists from the International Institute of Cyber Security agree that the use of this type of malware highlights the need for companies and institutions to take security measures against this type of attack.