{"id":10896,"date":"2013-05-10T12:00:08","date_gmt":"2013-05-10T19:00:08","guid":{"rendered":"http:\/\/blog.webroot.com\/?p=10896"},"modified":"2023-12-01T10:12:51","modified_gmt":"2023-12-01T17:12:51","slug":"cybercriminals-offer-http-based-keylogger-for-sale-accept-bitcoin","status":"publish","type":"post","link":"https://www.webroot.com/blog/2013\/05\/10\/cybercriminals-offer-http-based-keylogger-for-sale-accept-bitcoin\/","title":{"rendered":"Cybercriminals offer HTTP-based keylogger for sale, accept Bitcoin"},"content":{"rendered":"

By Dancho\u00a0Danchev<\/strong><\/p>\n

In 2013, Liberty Reserve<\/strong><\/a> and Web Money<\/strong><\/a> remain the payment method of choice for the majority of Russian\/Eastern European cybercriminals.\u00a0Cybercrime-as-a-Service\u00a0underground market propositions, malware crypters, R.A.Ts (Remote Access Trojans), brute-forcing tools etc. virtually every underground market product\/service is available for purchase through the use of these\u00a0ubiquitous\u00a0virtual currencies.<\/p>\n

What’s the situation on the international underground market? Next to accepting PayPal and consequently all major credit cards, we’ve been observing an increase in market propositions starting to accept Bitcoins<\/strong><\/a>. Is this a trend or a fad, and does the currency’s P2P model about to be embraced ecosystem-wide due to its (current)\u00a0pseudo-anonymous model<\/strong><\/a>?<\/p>\n

Let’s find out.<\/p>\n

More details:<\/p>\n

<\/p>\n

Sample advertisement for the HTTP-based keylogger:<\/strong><\/p>\n

\"HTTP_DIY_Keylogger\"<\/a><\/p>\n

Sample screenshot of the administration panel:<\/strong><\/p>\n

\"HTTP_DIY_Keylogger_Admin_Panel\"<\/a><\/p>\n

The keylogger\u00a0is currently available for $35.\u00a0The\u00a0author is\u00a0also (manually) ensuring that it remains undetected by all major antivirus vendors on a systematic basis,\u00a0and is\u00a0currently accepting PayPal, Liberty Reserve, Moneypak, and as of recently, Bitcoin. Considering the fact its author is OPSEC-unaware\u00a0compared to his Russian\/Eastern European “colleagues”, the use of Bitcoin in this particular case appears to be more of a way to for him to diversify the ways through which he’s accepting payments, rather than a practice aimed at improving his OPSEC (Operational Security)<\/strong><\/a> or anonymity.<\/p>\n

Despite the numerous international underground market propositions accepting Bitcoin\u00a0that we’re currently aware of, we expect that the buzz surrounding the virtual currency will only affect the international marketplace, with limited impact for the majority of Russian\/Eastern European cybercriminals, which we think will continue relying on Liberty Reserve and Web Money as their primary way of accepting and sending payments – a process which they’ve practiced to perfection over the years, largely thanks to easily obtainable fake IDs\/passports<\/strong>, the overall availability of money mules<\/a>\u00a0<\/strong>participating in the cybercrime\u00a0ecosystem, and cybercrime-friendly virtual currency processing providers.<\/p>\n

You can find more about Dancho\u00a0Danchev at his\u00a0LinkedIn Profile<\/strong><\/a>. You can also\u00a0follow him on Twitter<\/strong><\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

By Dancho\u00a0Danchev In 2013, Liberty Reserve and Web Money remain the payment method of choice for the majority of Russian\/Eastern European cybercriminals.\u00a0Cybercrime-as-a-Service\u00a0underground market propositions, malware crypters, R.A.Ts (Remote Access Trojans), brute-forcing tools etc. virtually every underground market product\/service is available for purchase through the use of these\u00a0ubiquitous\u00a0virtual currencies. What’s the situation on the international underground […]<\/p>\n","protected":false},"author":65,"featured_media":17052,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[14513,5735,14509,14511,14499,5905,14491,14487,14505,14495,14489,10929,14503,14493,14501,14497,5977,10921,14507],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/10896"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=10896"}],"version-history":[{"count":2,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/10896\/revisions"}],"predecessor-version":[{"id":32347,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/10896\/revisions\/32347"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/17052"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=10896"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=10896"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=10896"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=10896"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}