A group of minors has been spotted building, advertising and selling various malware and ransomware strains on Discord, earning pocket money for themselves in the process.
Cybersecurity experts from Avast recently discovered a Discord server in which a group of hackers discussed building, upgrading and selling malware families such as Lunar, Snatch and or Rift.
After a closer inspection of the discussion, researchers concluded that the group consisted of mostly minors, as they kept mentioning their parents and teachers, as well as throwing various age-related insults at each other.
To join the group, and essentially become the user of the malware-as-a-service, one must pay a fee, which ranges from anywhere between €5 and €25. Avast says up to 100 accounts have paid to access one such group.
Trickery and deception
The group in question builds and exchanges various types of malware, including those with password-stealing capabilities, infostealers, those capable of mining various cryptocurrencies for the attackers, and in some cases, even running ransomware attacks.
When it comes to distributing the malware, the process is more-or-less the usual, with a little twist. The crooks create a YouTube video, demonstrating a crack for commercial software or a popular computer game, and include a download link for the fake crack in the description.
To help build authenticity, other members of the Discord group then add comments to the video, thanking the author for their contribution and “confirming” that the file on the download link is actually legitimate.
This, Avast claims, is a lot more sinister, compared to the usual practice of using bots to add comments, as it’s almost impossible to detect fraud when genuine accounts support a video.
Spreading ransomware, infostealers, and other malware might be an illegal, malicious practice, but with this group, in many instances, it’s all perceived as pranking, Avast concluded.
