Some malware developers sell their product, other offer its source code for free. So, what’s the catch? What’s in it for them?
The analysis of a malware sample Trend Micro researchers received revealed this rare criminal modus operandi. Having discovered the malware author’s online nickname, they managed to discover the link to the website where he advertises it and offers a free download of its source code:
Monitoring the site for weeks, they were able to follow how the developer offered newer and newer versions of the malware with added capabilities such as terminating certain AV solutions.
By analyzing all the versions, they were able to discover that part of the code isn’t directly accessible because the author wanted to hide his main routines, and also that some of the stolen credentials are sent not only to the criminals who ultimately disseminated the malware, but also to its author. The malware does not do this stealthily – the developer said that this would happen in the advertisements for the malware.
So, this is the “payment” for the developer. He let others think of a way to distribute the malware, while he sits and collects the portion of the credentials. If this kind of deal becomes normal, we can look forward to more attacks, since criminals who do not know how to write the malware or have money to pay someone who does can now aim for a piece of the cybercrime pie.