One of the most popular malicious programs on the darknet is still malware that has exploited exploits that have been around for many years, according to information security specialists from the company Recorded Future.
The experts analyzed the underground forums in various languages, including English, Russian, Chinese, Spanish and Arabic from 2018-2019, and found that the most popular were the easiest to use, cheap or even free malware.
Among the leaders of sales were the njRat remote access trojan, first discovered in 2012; SpyNote – remote administration tool for Android, containing keylogging and GPS functionality; GandCrab – an extortionist who offers affiliate schemes that allow attackers to easily distribute the cryptographer; DroidJack is a Trojan for Android, a lifetime license for which you can buy for as little as $ 200.
Recall that in early June 2019, operators GandCrab announced the decision to curtail business and instructed partners to stop spreading malware. During its existence, GandCrab brought about $ 2 billion to its operators (on average $ 2.5 million per week). Net profit amounted to $ 150 million, which, according to the operators, were withdrawn and invested in legal companies.
“Forum participants discuss and use available programs more than buy or invent new tools. Malware open source software is free, and many closed source programs such as SpyNote have been previously hacked, which means that many forum participants now distribute unauthorized copies of malicious software, usually at cheaper prices, ”noted Winnona de Sombre, an expert from Recorded Future.
Although most malicious programs have been around for many years, and they are aimed at exploiting vulnerabilities that have long been fixed, such tools still remain effective, because there are many systems for which patches have not been released for many years, leaving them vulnerable to old malware used in simple attacks, including phishing, password cracking, etc., experts write.