Pierluigi Paganini November 22, 2020

Two Romanians arrested for running three malware services

Two Romanians have been arrested for running two malware crypter services called CyberSeal and DataProtector, and the CyberScan malware testing service.

Romanian police forces have arrested this week two individuals suspected of running two malware crypter services called CyberSeal and DataProtector, and a malware testing service called CyberScan.

The arrests are the result of a joint operation conducted with the support of the FBI, Europol, Australian, and Norwegian police.

“Two Romanian suspects have been arrested yesterday for allegedly running the CyberSeal and Dataprotector crypting services to evade antivirus software detection.” reads the press release published by the Europol. “These services have been purchased by more than 1560 criminals and used for crypting several different type of malware, including Remote Access Trojans, information stealers and ransomware. The pair also operated the Cyberscan service which allowed their clients to test their malware against antivirus tools.“

Crypter services are used by vxers to scramble the code of their malicious code to evade detection.

“A number of 4 people will be taken to the DIICOT headquarters – Central Structure for the hearing.” reads the press release published by Romania’s Directorate for Investigating Organized Crime and Terrorism (DIICOT).
The international cooperation activities were carried out through the EMPACT Cybercrime Attacks Against Information System program and with the support of the Join Action Crime Task Force (J-CAT).

The Cyberscan service, like the legitimate VirusTotal platform, allows its users to test their malware against antivirus tools.

Malware authors use it to scan their new malware and check if it would be detected by antivirus software, unlike VirusTotal, CyberScan didn’t share scan results with antivirus vendors.

“Their clients paid between US$40 to US$300 for these crypting services, depending on licence conditions. Their service activity was well structured and offered regular updates and customer support to the clients.” continues the press release.

“The criminals also offered a Counter Antivirus platform allowing criminals to test their malware samples against antivirus software until the malware becomes fully undetectable (FUD). The prices for this service varied between US$7 to US$40.”

The Romanian duo had been active in the cybercrime underground at least since 2014 when they launched CyberSeal. DataProtector was launched in 2015, while CyberScan was launched in 2019.

The prices for the three serviced were ranging from $40 up to $150.

The police searched four houses in Bucharest and Craiova and arrested 2 administrators. The police seized the backend infrastructure in Romania, Norway and the United States.

Pierluigi Paganini

(SecurityAffairs – hacking, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]