Pierluigi Paganini
April 18, 2022
Malware HunterTeam and Bleeping Computer reported the born of a new marketplace called Industrial Spy that sells stolen data and offers free stolen data to its members. MalwareHunterTeam researchers spotted malware samples [1, 2] that drop the following wallpaper that promotes the site.
Here is the wallpaper that gets dropped on systems where one of their samples run.
— MalwareHunterTeam (@malwrhunterteam) April 15, 2022
Same typos/mistakes as in the text notes seen, and also the whole text is repeated.
Very strange…pic.twitter.com/on0v3IryKB
Upon executing the malware it creates README.txt files in every folder on the machine, the content of the files includes a description of the service and a link to the Tor site.
Below is the description for the marketplace:
“There you can buy or download for free private and compromising data of your competitors. We public schemes, drawings, technologies, political and military secrets, accounting reports and clients databases. All this things were gathered from the largest worldwide companies, conglomerates and concerns with every activity. We gather data using vunlerability in their IT infrastructure. in their IT infrastructure. Industrial spy team processes huge massives every day to devide you results. You can fid it in their portal:
HTTP[:]//spyarea23ttlty6qaXXXXXXXXXXXXXXj5onstsjad.onion/
(Tor browser required) We can save your time gaining your own goals or goals of your company.With our information you could refuse partnership with unscrupulous partner, reveal dirty secrets of your competitors and enemies and earn millions dollars using insider information. “He who owns the information, owns the world” Nathan Mayer Rothschild“
The experts noticed that the wallpaper includes typos and mistakes and the whole text is repeated, which is strange for professional threat actors.
Industrial Spy is a marketplace that offers businesses data on their competitors, including intellectual property and trade secrets.
The marketplace has different levels of data offerings, from $2 for individual files up to “premium” stolen data related which represents all data stolen from an organization and that could be proposed for million of dollars.
Some data dumps are available on Industrial Spy for free, they were likely downloaded from the leak sites of ransomware gangs or other hacking forums.
BleepingComputer added that the executables discovered by MalwareHunterTeam are being distributed through other malware downloaders, including cracks and adware.
The group is also operating Twitter and Telegram accounts to share info about the availability of new datasets.
Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Industrial Spy)
[adrotate banner=”5″]
[adrotate banner=”13″]
