Cybercriminals offer HTTP-based keylogger for sale, accept Bitcoin


By Dancho Danchev

In 2013, Liberty Reserve and Web Money remain the payment methods of choice for the majority of Russian/Eastern European cybercriminals. Cybercrime-as-a-Service underground market propositions, malware crypters, R.A.Ts (Remote Access Trojans), brute-forcing tools, etc.: virtually every underground market product/service is available for purchase through the use of these ubiquitous virtual currencies.

What’s the situation on the international underground market? Next to accepting PayPal and consequently all major credit cards, we’ve been observing an increase in market propositions starting to accept Bitcoins. Is this a trend or a fad, and is the currency’s P2P model about to be embraced ecosystem-wide due to its (current) pseudo-anonymous model?

Let’s find out.

More details:

Sample advertisement for the HTTP-based keylogger:

HTTP_DIY_Keylogger

Sample screenshot of the administration panel:

HTTP_DIY_Keylogger_Admin_Panel

The keylogger is currently available for $35. The author is also (manually) ensuring that it remains undetected by all major antivirus vendors on a systematic basis, and is currently accepting PayPal, Liberty Reserve, Moneypak, and as of recently, Bitcoin. Considering the fact that its author is OPSEC-unaware compared to his Russian/Eastern European “colleagues”, the use of Bitcoin in this particular case appears to be more of a way for him to diversify the ways through which he’s accepting payments, rather than a practice aimed at improving his OPSEC (Operational Security) or anonymity.

Despite the numerous international underground market propositions accepting Bitcoin that we’re currently aware of, we expect that the buzz surrounding the virtual currency will only affect the international marketplace, with limited impact on the majority of Russian/Eastern European cybercriminals, who we think will continue relying on Liberty Reserve and Web Money as their primary way of accepting and sending payments. It is a process which they’ve practiced to perfection over the years, largely thanks to easily obtainable fake IDs/passports, the overall availability of money mules participating in the cybercrime ecosystem, and cybercrime-friendly virtual currency processing providers.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.


About the Author

Name: Dancho Danchev
Role: Contributing Threat Researcher

Dancho Danchev is an internationally recognized security blogger, cybercrime researcher, and a public speaker.  He’s been an active security blogger since 2006, maintaining a popular security blog, where he shares detailed analyses of tactics, techniques, and procedures (TTP) of malicious and fraudulent adversaries.

You can find out more about Dancho’s expertise and experience at his LinkedIn Profile, or at Wikipedia.

You can also follow him on Twitter, Google+ or Facebook.
