RSA – Malware proposal on the open web increasingly fearless

Pierluigi Paganini June 22, 2014

The RSA Research Team has discovered the offer of a complete collection of malware through open channels like social media and emails.

RSA Research has recently published an interesting update on the underground sale of malware tool, the experts have discovered a server who is offering a set of spyware tools for sale under the vendor names TampStore and Crown Softwares.

While researchers were investigating a Zeus Trojan sample have found the online store which is offering openly spyware tools as legitimate products despite they can be considered illegal in many countries.

The online store offers the following ‘products’:

  • TampZusa – stealer application for stealing information and images from browsers, email clients, keylogging, screen captures, webcam, and messenger clients
  • TampStealer – same as TampZusa, with a few extra bonuses added to the package
  • TampKelogger Classic – a basic case-sensitive keylogger that can also record window titles
  • TampKeylogger Premium – a full featured keylogger that also includes all the features of the TampStealer
  • TampSpammer – a basic mass-mailer spamming application Of all the listed products, the TampStealer appears to be the most complete package of spyware tools. The following is a list of the features advertised in the online store.

Also in this case cyber criminals show their ability to manage an efficient sale organization, the proposal includes a detailed advertising that explores also social media like Facebook.

Further analysis conducted by the RSA team have traced a number of entries posted by fraudster in a Romanian hacker forum as well as advertising his availability for hire in a web programming forum.

RSA team succeeded in the analysis of the administration panel and log files of the TampStealer spyware and has found numerous records of stolen login credentials as it is shown in the below image.

RSA malware tool


This case is considerable interesting not for the proposal itself, but for the advertising capabilities of the cyber criminals that propose it for sale on the open web and social networking sites.

“This particular software tool author does not seem to be afraid or concerned about exposing his software or his email addresses to the general public. Such behavior goes against the trend of pushing cybercriminal activity further underground as has been witnessed by RSA over the last two years.” states RSA in a report on the discovery.

Pierluigi Paganini

(Security Affairs –  RSA, malware)

you might also like

leave a comment