RSA Research has recently published an interesting update on the underground sale of malware tool, the experts have discovered a server who is offering a set of spyware tools for sale under the vendor names TampStore and Crown Softwares.
While researchers were investigating a Zeus Trojan sample have found the online store which is offering openly spyware tools as legitimate products despite they can be considered illegal in many countries.
The online store offers the following ‘products’:
Also in this case cyber criminals show their ability to manage an efficient sale organization, the proposal includes a detailed advertising that explores also social media like Facebook.
Further analysis conducted by the RSA team have traced a number of entries posted by fraudster in a Romanian hacker forum as well as advertising his availability for hire in a web programming forum.
RSA team succeeded in the analysis of the administration panel and log files of the TampStealer spyware and has found numerous records of stolen login credentials as it is shown in the below image.
This case is considerable interesting not for the proposal itself, but for the advertising capabilities of the cyber criminals that propose it for sale on the open web and social networking sites.
“This particular software tool author does not seem to be afraid or concerned about exposing his software or his email addresses to the general public. Such behavior goes against the trend of pushing cybercriminal activity further underground as has been witnessed by RSA over the last two years.” states RSA in a report on the discovery.
(Security Affairs – RSA, malware)