A cybersecurity expert tricked BreachForums cybercriminals into offering them a fake ransomware kit. This tool, which had become popular among hackers, hid a back door.
Cristian Cornea, a cybersecurity specialist, had fun trapping cybercriminals who frequent BreachForums, a platform popular with hackers. In a blog post published on Medium, he explains that he came up with the idea for this trap because he was bored.
To fool cybercriminals, the expert posted online a fake kit to create and deploy ransomware. On the famous criminal forum, you can indeed find a range of tools that facilitate the work of extortion professionals. These tools are mainly aimed at budding cybercriminals, whose technical skills are limited.
Also read: More than 4 million sites in danger – a serious flaw affects a WordPress plugin
A fake ransomware kit
Promoted on the forum, the kit, called Jinn Ransomware Builder, promised to bring together all the resources necessary for an extortion operation. In the ad, he explains that users “can tailor ransomware to their specific needs”and that it is a tool capable of “create highly customizable and undetectable ransomware”.
In short, the ad had everything to please budding hackers. To go even further, the researcher advertised his tool on social networks, specifying that the kit promises to “bypass all current detection mechanisms”.
Dozens of cybercriminals quickly downloaded the kit in order to orchestrate their ransomware cyberattacks. It quickly became one of the most popular software in its category on BreachForums.
As the security specialist explains, the proposed tool is in fact “a pot of lamb”. This name designates a tool designed to attract and fool cybercriminals like bait. Nevertheless, “some of the features” promises were present.
A back door
Cristian Cornea explains having slipped a back door in the tool code. This one will “initiate a remote connection” and retrieve an installation file from a server. Ultimately, the attacker finds himself able to install anything on the cybercriminals’ computer.
Obviously, the expert didn’t go any further in the hacking process. With his trapped tool, he only wanted to demonstrate how it was possible to fool pirates. In any case, more than 100 cybercriminals unknowingly connected to Cristian Cornea’s server.
???? To not miss any news from 01net, follow us on Google News and WhatsApp.
Source :
Medium
Senegal
