In a series of blog posts, we’ve been profiling the tactics and DIY tools of novice cybercriminals, whose malicious campaigns rely largely on social engineering to trick users into thinking that they’ve been presented with a legitimate Java applet window. These same malicious Java applets continue to be a popular infection vector among novice cybercriminals, who remain the primary customers of the DIY tools/attack platforms that we’ve been profiling.
In this post, I’ll discuss a popular service that exclusively offers hosting for malicious Java applets.
[Image: sample screenshot of the service]
For a one-time fee of $20, the service offers detailed statistics about how people ran the applet hosted on their server, as well as the ability to clone a popular website, which is then automatically embedded with a custom malicious Java applet. The service also offers its prospective customers managed rotation of typosquatted domains, in an attempt to make it easier for them to operate their campaigns.
Based on our initial analysis of the service’s operations, we can easily conclude that its operators lack the experience and motivation to run it, compared to sophisticated bulletproof hosting providers like the ones we’ve already profiled in the past. Nevertheless, its public availability has already empowered multiple novice cybercriminals with the hosting services necessary to achieve their malicious objectives.
Although we believe that this is a short-term oriented, niche international underground market proposition, we’ll continue monitoring its development.