Nothing embodies the evolution of digital crime quite like crimeware-as-a-service. Years ago, bad actors preyed on unsuspecting users by relying primarily on their own technical acumen. Sure, they could share their techniques on IRC forums, but ultimately it was up to the attacker to code and debug their malicious programs. No one would do it for them.
Today, malware developers are still out there. But not every attacker is a programmer. Some bad actors have low levels of technical knowledge. These people prefer to help distribute someone else's program… as long as they get to keep some of the spoils of their attack campaigns.
That preference gave rise to crimeware-as-a-service, a model under which anyone can purchase a license to a digital attack tool. Those programs often come with a web interface that allows affiliates to customize their campaigns’ targets and pretexts. At the conclusion of each license period, the license-holders get to keep a share of the profits, whereas a fraction also goes to the original developer. Some licenses expire after just 30 days. Others last a lifetime.
Scamming as a Service
The security community has seen crimeware-as-a-service take the form of ransomware and remote access Trojans (RATs). It has now come across another iteration of the underground affiliate model: Scam in a Box.
Scam in a Box refers to a service through which criminals with low technical expertise can purchase the infrastructure, troubleshooting, and maintenance necessary to perpetrate a convincing scam online. For example, one service called Inboundpopaps says it provides “forms,” “registry cleaners,” and “anti-virus packages” to increase inbound calls.
The long and short of it? William Tsing of Malwarebytes explains:
Pretty cut and dry. ‘We provide malicious software for fraudulent purposes.’ Also notice the admission that PUPs and tech support scams go hand in hand. For more on this connection, see Pieter’s post here. Inboundpopaps is considerably more slick than most scams on the market, and even attempts to limit traffic to real, paying customers.
Inboundpopaps offers several different products to buyers. One service called “Smart Pack” helps criminals create their own “antivirus, blue screen pop up calls.” In other words, customers can use the offering to create their own tech support scam.
Smart Pack comes with an app, a redirecting portal, and even pay-per-click (PPC) training on the use of proper keywords and geolocation.
Another service, “Installarex,” is software that mimics a registry cleaner. But that’s not really what it is. It’s actually a screen locker that activates 72 hours after installation.
50 percent of the service’s cost is due at the time of purchase, while the rest comes after delivery and before training. Once that amount is paid, criminals can do whatever they want with it. That includes “install[ing] the software if you are taking inbound calls and not able make sale on which calls.”
Clearly, the developers have thought out how Smart Pack, Installarex, and their other services can be bundled together.
Last but not least is App Market. Tsing weighs in on the product:
…[W]e see offers for fake mobile apps, along with training on how to sneak them into assorted app stores. This is intriguing as mobile tech support scams aren’t extremely common. Unfortunately, as much as we’d love to “Ask For Price”, that link simply reloads the page. The blurb for windows lockers quotes the monthly maintenance as 2000 IND per month, which equates to about $30 USD. Given that price is for one of the more resource intensive scams, one might presume the others are even cheaper.
Scam in a Box solutions like those offered by Inboundpopaps make it easy for criminals with low levels of technical expertise to perpetrate a scam. As a result, it would be foolish of us to think scams will be going away anytime soon. That is why users need to protect themselves against some of the most common scams. They can do so by installing an ad-blocker and by downloading legitimate software directly from vendors’ sites and not from sketchy third-party marketplaces.
Editor's note:
From time to time, SensorsTechForum features guest articles by cybersecurity and infosec leaders and enthusiasts, such as this post. The opinions expressed in these guest posts, however, are entirely those of the contributing author and may not reflect those of SensorsTechForum.