

Like many attack campaigns in the underground web, the RAUM network operates according to an affiliate system. “The so-called ‘RAUM’ tool has been actively used on uncovered underground affiliate networks based on a ‘Pay-Per-Install’ model (PPI). This model leverages paying cybercriminals to distribute malware through modified torrent files that are joined with malware.” That type of framework allows the network’s administrators to carefully screen its members. In fact, no one is allowed to join without receiving an invitation from another pre-approved member.

Computer criminals then apply their RAUM tool to create a series of malicious files. Some are fake copies of popular torrent files that in reality hide notorious malware such as CryptXXX, Cerber, or Dridex. Others are weaponized torrent files, while others still are parsed torrent files that rely on a high download rating, a reputation which the attackers artificially inflate by abusing compromised users’ accounts to set up new seeds.

Criminals monitor those files intently to see if anti-virus solutions have flagged any of them as suspicious. Together, all of those malicious files provided by affiliates form the basis of the network’s seedbase, which admins manage using an easy-to-use dashboard.

All that remains is distribution. To protect against detection, some of the files are hosted on the Tor network. Initially, computer criminals relied on uTorrent, but now they’re using virtual servers comprised of hacked devices to get the job done.

This complex infrastructure has helped the computer criminals meet with quite a bit of success over the past few months, InfoArmor notes: “According to expert statistics, malicious torrents infect over 12 million users a month, creating significant security risks for users on a myriad of platforms. In many instances, popular ransomware such as CryptXXX, CTB-Locker and Cerber, online-banking Trojan Dridex, password stealing spyware Pony, and others were associated with the identified RAUM instances. We have identified in excess of 1,639,000 records collected in the past few months from the infected victims with various credentials to online-services, gaming, social media, corporate resources and exfiltrated data from the uncovered network.”

To protect themselves against this campaign, users can reference the indicators of compromise included in InfoArmor’s blog post.
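The two things a defender can check before a torrent is ever opened in a client are the ones the campaign abuses: the info-hash (the SHA-1 of the bencoded `info` dictionary, which is how BitTorrent identifies content and how torrent IOCs are normally published) and the file list, where a "movie" that ships an executable or a double-extension file such as `.mp4.exe` gives the fake copy away. The script below is an added example and is not code from InfoArmor or from the article; the bencode parser is written from the BitTorrent spec, the two `.torrent` blobs are constructed inline (one modelled on a weaponized media torrent, one benign), and the IOC hash set is a placeholder for the indicators in InfoArmor's post, which are not reproduced here.

```python
import hashlib


def bdecode(data: bytes):
    """Decode a bencoded byte string (BEP 3): ints, byte strings, lists, dicts."""
    def _decode(i):
        c = data[i:i + 1]
        if c == b"i":                                  # integer: i<digits>e
            end = data.index(b"e", i)
            return int(data[i + 1:end]), end + 1
        if c == b"l":                                  # list: l<items>e
            i += 1
            items = []
            while data[i:i + 1] != b"e":
                v, i = _decode(i)
                items.append(v)
            return items, i + 1
        if c == b"d":                                  # dict: d<key><value>...e
            i += 1
            d = {}
            while data[i:i + 1] != b"e":
                k, i = _decode(i)
                v, i = _decode(i)
                d[k] = v
            return d, i + 1
        if c.isdigit():                                # string: <len>:<bytes>
            colon = data.index(b":", i)
            start = colon + 1
            length = int(data[i:colon])
            return data[start:start + length], start + length
        raise ValueError(f"bad bencode at offset {i}")
    value, _ = _decode(0)
    return value


def bencode(obj) -> bytes:
    """Canonical bencode (dict keys sorted), as required for the info-hash."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        return b"d" + b"".join(bencode(k) + bencode(obj[k]) for k in sorted(obj)) + b"e"
    raise TypeError(f"cannot bencode {type(obj).__name__}")


def infohash(info: dict) -> str:
    """SHA-1 over the bencoded info dict: the identifier torrent IOCs are keyed on."""
    return hashlib.sha1(bencode(info)).hexdigest()


def torrent_files(info: dict):
    """(path, length) pairs for both single-file and multi-file torrents."""
    if b"files" in info:
        return [(b"/".join(f[b"path"]), f[b"length"]) for f in info[b"files"]]
    return [(info[b"name"], info[b"length"])]


EXEC_SUFFIXES = (b".exe", b".scr", b".bat", b".cmd", b".js", b".vbs", b".msi", b".lnk", b".pif", b".com", b".ps1")
MEDIA_SUFFIXES = (b".mp4", b".avi", b".mkv", b".mp3", b".iso", b".pdf")


def flag_path(path: bytes):
    """Classify a member file: executable, or a media name with an executable tacked on."""
    low = path.lower()
    if not low.endswith(EXEC_SUFFIXES):
        return None
    stem = low.rsplit(b".", 1)[0]
    return "double-extension executable" if stem.endswith(MEDIA_SUFFIXES) else "executable payload"


def triage(torrent_bytes: bytes, known_bad_hashes: set) -> dict:
    """Inspect a .torrent without downloading anything; findings are strings."""
    info = bdecode(torrent_bytes)[b"info"]
    h = infohash(info)
    findings = []
    if h in known_bad_hashes:
        findings.append("infohash matches IOC list")
    for path, _length in torrent_files(info):
        verdict = flag_path(path)
        if verdict:
            findings.append(f"{verdict}: {path.decode(errors='replace')}")
    return {"name": info[b"name"].decode(errors="replace"), "infohash": h,
            "files": len(torrent_files(info)), "findings": findings}


# Constructed samples (not real campaign artifacts). The first mimics a fake
# "popular movie" torrent that carries an executable beside the video file.
WEAPONIZED_TORRENT = bencode({
    b"announce": b"http://tracker.example.invalid/announce",
    b"info": {b"name": b"Popular.Movie.2016.1080p", b"piece length": 262144, b"pieces": b"\x00" * 20,
              b"files": [{b"path": [b"Popular.Movie.2016.1080p.mp4"], b"length": 734003200},
                         {b"path": [b"Codec", b"Popular.Movie.2016.1080p.mp4.exe"], b"length": 412160},
                         {b"path": [b"README.txt"], b"length": 120}]},
})
BENIGN_TORRENT = bencode({
    b"announce": b"http://tracker.example.invalid/announce",
    b"info": {b"name": b"distro-1.0-amd64.iso", b"piece length": 262144, b"pieces": b"\x00" * 20,
              b"length": 1500000000},
})
KNOWN_BAD_HASHES = set()   # assumption: fill from the published IOCs; empty here

if __name__ == "__main__":
    for blob in (WEAPONIZED_TORRENT, BENIGN_TORRENT):
        print(triage(blob, KNOWN_BAD_HASHES))
```

The info-hash check catches exact copies of a known-bad torrent; the file-list check is what catches the re-packaged fakes, where the attacker changes a byte, gets a fresh info-hash and leans on an inflated download rating instead. A high seed or download count is not a trust signal here, since the article notes those ratings are pumped up with compromised accounts.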
