Cybercriminals offer HTTP-based keylogger for sale, accept Bitcoin

By Dancho Danchev

In 2013, Liberty Reserve and Web Money remain the payment methods of choice for the majority of Russian/Eastern European cybercriminals. Cybercrime-as-a-Service underground market propositions, malware crypters, RATs (Remote Access Trojans), brute-forcing tools, etc.: virtually every underground market product or service is available for purchase through these ubiquitous virtual currencies.

What’s the situation on the international underground market? Next to accepting PayPal, and consequently all major credit cards, we’ve been observing an increase in market propositions starting to accept Bitcoin. Is this a trend or a fad, and is the currency’s P2P model about to be embraced ecosystem-wide due to its (current) pseudo-anonymous nature?

Let’s find out.

More details:

Sample advertisement for the HTTP-based keylogger:

[Image: HTTP_DIY_Keylogger]

Sample screenshot of the administration panel:

[Image: HTTP_DIY_Keylogger_Admin_Panel]

The keylogger is currently available for $35. The author is also (manually) ensuring, on a systematic basis, that it remains undetected by all major antivirus vendors, and is currently accepting PayPal, Liberty Reserve, Moneypak, and as of recently, Bitcoin. Considering that its author is OPSEC-unaware compared to his Russian/Eastern European “colleagues”, the use of Bitcoin in this particular case appears to be more of a way for him to diversify the ways through which he’s accepting payments than a practice aimed at improving his OPSEC (Operational Security) or anonymity.

Despite the numerous international underground market propositions accepting Bitcoin that we’re currently aware of, we expect that the buzz surrounding the virtual currency will only affect the international marketplace, with limited impact on the majority of Russian/Eastern European cybercriminals. We think they will continue relying on Liberty Reserve and Web Money as their primary way of accepting and sending payments. It is a process they’ve practiced to perfection over the years, largely thanks to easily obtainable fake IDs/passports, the overall availability of money mules participating in the cybercrime ecosystem, and cybercrime-friendly virtual currency processing providers.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.