Amateur Cybercriminals Targeted by Fake Malware


Is there honor among thieves? Don’t be so sure: cybersecurity firm HP Wolf Security has detected fake malware designed to lure wannabe digital crooks into exposing their own devices. The firm claims that it uncovered the scheme while performing a routine sweep of some dark corners of the web for its third-quarter report.

The company reportedly exposed cybercriminals who were hosting fake remote access trojans (RATs) on GitHub and attempting to trick inexperienced cybercriminals into infecting their own PCs. It stated that “The code repositories claim to contain full versions of a popular malware kit called XWorm that sells for up to $500, but instead downloads and runs malware on the aspiring hacker’s machine.”

According to Cybernews, other popular types of malware used to bait novice cybercriminals that came up on HP Wolf’s radar included Coinminer, Redline Stealer, and ClipBanker.

The company further claims that it saw hackers take advantage of XWorm’s popularity by using the malware as a lure. “Our investigation found numerous code repositories on GitHub (the source code hosting platform) claiming to contain the full XWorm kit.” Unfortunately for the amateur criminals, these projects are in fact booby-trapped with malware, and when the supposed XWorm RAT is opened, malware is downloaded from the web in the background and runs on the target’s system.

The company says that the fake malware projects are likely targeting “curious, inexperienced, or resource-strapped cybercriminals seeking free or cheaper ‘cracked’ versions of XWorm because of its high cost compared to other RATs.”

HP Wolf Security also mentioned another notable cybercriminal campaign in its quarterly report, in which cybercriminals used infected PowerPoint presentations to target hotel businesses in Latin America.