Cyber threat actors are introducing new services to expand their “Client” base. The Pay-per-Install (PPI) distribution model is based on revenue sharing and commissions. The PPI model was initially used to distribute advertisements, but it has transitioned to installing malware. Malware authors do not have the resources or bandwidth to spread their malware on a large scale. Instead, they can rely on a network of affiliates, who distribute the malware, and in return get paid a commission for every
malware-as-a-service (3)
Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools, according to new research. Affiliates are typically threat actors responsible for gaining an initial foothold in a target network. A recent analysis published by Sophos states that the new deployments of Ryuk and Egregor ransomware have involved the use of the SystemBC backdoor to move laterally across the network and fetch additional payloads for fu
An adversary known for targeting the Financial Cyber Sector since at least 2018 has switched up its tactics to include a new Python-based remote access Trojan (RAT).[1] This RAT can steal passwords, documents, browser cookies, email credentials, software licenses, credentials for trading software/platforms, customer credit card information, proof of address/identity documents, and other sensitive information. The group is suspected of offering APT-style hacker-for-hire services to o