We live in a world where more and more products and services are available by subscription, in an ‘as-a-service’ model. The concepts of ‘Software-as-a-service’ and ‘Platform-as-a-service’ have been known on the IT market for a good few years now. ‘Ransomware-as-a-service’ and ‘Malware-as-a-service’ models are gaining popularity among cybercriminals.
As the Cisco Talos team reported in its article published on August 4, a service called ‘Dark Utilities’ has recently been operating online, offering threat actors an easy, fast, and inexpensive way to set up and run a C2 server for malicious activity. The platform generates Windows, Linux, and Python-based payloads that infect the victim machine, establish a communication channel with the C2, and permanently nest in the infected system (persistence). This ‘C2-as-a-service’ becomes a full-fledged malware control center, allowing operators to send commands or subsequent payloads to victim machines and to collect data sent from them. It has a modular design, enabling, among other things, DDoS attacks and cryptojacking. All this for less than 10 euros. According to information provided by Talos, ‘Dark Utilities’ has about 3,000 active subscribers and is available both on the clear web and on the TOR network.
Sources:
Attackers leveraging Dark Utilities “C2aaS” platform in malware campaigns
Thousands of hackers flock to ‘Dark Utilities’ C2-as-a-Service