If all the claims included in the adverts for the multi-platform, multi-purpose piece of malware called Zorenium are true, it could very well have a considerable impact on a large number of users, and become a favorite tool for cyber crooks.
Researchers with cyber intelligence company SenseCy have been following the advent of the malware on a variety of underground forums, but have yet to get their hands on a sample.
The malware was first spotted for sale in January 2014. Its first variants are purportedly capable of infecting Linux- and Windows-based machines, have rootkit capabilities, can make the infected machine participate in DDoS attacks, can grab the contents of forms, kill other bots, mine Bitcoins, and also function as a banking Trojan.
“The cost of a basic Zorenium bot is 350 GBP (around $580) and with advanced features (including P2P C&C, i2p C&C and more) it can go up to over 5000 GBP (around $8315),” the researchers noted.
Zorenium’s developers do say that the malware is still in beta, but they are obviously working on adding as many useful features as possible before launching a complete version.
According to an advert released on March 18th (and made available on Pastebin), the developers have apparently made it possible for it to run on iOS, versions 5 to 7, most Debian platforms, and on Android tablets.
They have also seemingly updated the rootkit to TDL4, and claim that the bot can terminate over 40 different versions of popular AV software.
The developers claim that Zorenium has a detection rate of up to 40%, but that it has yet to be used in the wild. It also apparently has modules that simulate a shutdown of the system: they only put the screen into standby mode and “delay” the device’s fans to complete the illusion, while the machine keeps running. None of these claims can be verified until researchers obtain a sample.
Many more functionalities have apparently been included, and the developers are looking for beta testers.