Malware for sale, a real bargain: by now everyone knows that the Dark Web is full of hackers and aspiring cybercriminals who put their viruses up for sale, but the price will surprise you.
The Israeli cybersecurity company Check Point has published a very interesting post on its blog, different from the usual press releases about infected apps or newly discovered viruses. It is a “behind the scenes” look, a journey into the Dark Web following the tracks of two malware developers and their attempts to sell their products.
It is a glimpse of the “other side of the Web”, the one frequented by criminals and would-be criminals who jostle to get noticed in the hacker scene in order to sell, or rather rent for a monthly fee, their computer viruses. Check Point followed two of them, who go by the names “Triangulum” and “HexaGoN Dev”. The first is a novice, but with a great desire to learn and, above all, to make money with malware. The second is more experienced in programming, but is not good at selling the product. From the meeting of the two, a mini hacker team is born and, above all, a new malware: Rogue.
Rogue, the story of a malware (and of two hackers)
Rogue is a RAT, that is, a Remote Access Trojan able to spy on the devices on which it is installed and to send the data to a remote server. It is malware with many strings to its bow: it can steal contact and call lists, turn Wi-Fi and Bluetooth on and off, secretly take photos and record audio and video, read messages from all messaging apps, and send fake alerts and notifications.
It is also capable of taking screenshots, tracking GPS position, executing commands and, of course, sending all collected data to a remote server. It is, therefore, a classic RAT, a complete spying tool, with the added convenience that it can be operated from a smartphone.
Where to buy Rogue
Rogue is sold in protected (and hidden) forums on the Dark Web by Triangulum, but it is actually the evolution of DarkShades. The latter is another RAT, developed last year by HexaGoN Dev. Check Point has therefore discovered that the two hackers have joined forces to try to market the “rebranded” product.
And with rather pathetic methods too: pretending to have nothing to do with the project, HexaGoN Dev comments on the post in which Triangulum puts Rogue up for sale and asks if “it also collects the IP address? Sounds substantial and promising.” Unfortunately for them, however, the virus for sale doesn’t find any buyers because Triangulum doesn’t want to publish a video showing Rogue in action: when asked, the would-be malware seller replies “No, it’s a simple but good tool. You don’t need a video.”
How much does Rogue cost
Those who buy Rogue can then use it to launch large-scale spying campaigns and collect all sorts of data from infected smartphones: from WhatsApp conversations to private photos and videos, and all user accounts, including bank accounts of course.
How much does this “simple but good tool” cost? Pocket change: a one-month subscription costs $29.99, a three-month subscription costs $45, a six-month subscription costs $80, and a lifetime subscription costs $189. If we’re seeing a boom in malware and hacker attacks in recent years, after all, it’s only because the cybercrime industry has lowered its production costs.