
RSA – Malware proposal on the open web increasingly fearless

The RSA Research Team has discovered the offer of a complete collection of malware through open channels like social media and emails.

RSA Research recently published an interesting update on the underground sale of malware tools: the experts discovered a server offering a set of spyware tools for sale under the vendor names TampStore and Crown Softwares.

While investigating a Zeus Trojan sample, the researchers found the online store, which openly offers spyware tools as legitimate products even though they can be considered illegal in many countries.

The online store offers the following ‘products’:

  • TampZusa – stealer application for stealing information and images from browsers, email clients, keylogging, screen captures, webcam, and messenger clients
  • TampStealer – same as TampZusa, with a few extra bonuses added to the package
  • TampKeylogger Classic – a basic case-sensitive keylogger that can also record window titles
  • TampKeylogger Premium – a full featured keylogger that also includes all the features of the TampStealer
  • TampSpammer – a basic mass-mailer spamming application

Of all the listed products, the TampStealer appears to be the most complete package of spyware tools. The following is a list of the features advertised in the online store.

In this case too, the cyber criminals show their ability to run an efficient sales organization: the offer includes detailed advertising that also makes use of social media like Facebook.

Further analysis conducted by the RSA team traced a number of entries posted by the fraudster in a Romanian hacker forum, as well as posts advertising his availability for hire in a web programming forum.

The RSA team succeeded in analyzing the administration panel and log files of the TampStealer spyware and found numerous records of stolen login credentials, as shown in the image below.

[Image: RSA malware tool]

This case is considerably interesting not for the offer itself, but for the advertising capabilities of the cyber criminals, who propose it for sale on the open web and social networking sites.

“This particular software tool author does not seem to be afraid or concerned about exposing his software or his email addresses to the general public. Such behavior goes against the trend of pushing cybercriminal activity further underground as has been witnessed by RSA over the last two years,” states RSA in a report on the discovery.

Pierluigi Paganini

(Security Affairs –  RSA, malware)