Romanian Police Arrested Two Malware Service Operators

  • Two men in Romania were arrested for running malware crypting and AV scanning platforms.
  • Their services were used extensively by underground hackers who were looking to raise the effectiveness of their malware.
  • Crypters continue to play a pivotal role in malware campaigns and remain a headache for AV engineers.

Two men based in Bucharest and Craiova, Romania, were arrested for allegedly running the ‘CyberSeal,’ ‘CyberScan,’ and ‘DataProtector’ crypting services. These services help malware authors wrap their payloads (trojans, info-stealers, ransomware) in an encryption shell, allowing them to evade detection by most AV tools.

Such services thus play a key role in the success of malware operations, and they also receive significant amounts of money raised via illicit means.

Source: Europol

In the case of CyberSeal and DataProtector, it is estimated that the services were offered to 1,560 criminals who used a total of 3,000 malware strains. The prices for these services vary between $7 and $40 for testing samples against antivirus scanners, and between $40 and $300 for the actual crypting services. The difference in the price depends on the license conditions, as some clients bought ongoing support with updates and practical help.

The police raided four houses and uncovered backend infrastructure (servers) in Romania, Norway, and the United States. As a result, the ‘cyber-seal.org’ and the ‘cyberscan.org’ domains that used to host the two services are now offline.

The law enforcement agencies that worked together to successfully carry out this operation include Europol, Poliția Română, the FBI, the Australian Federal Police, and the Norwegian National Criminal Investigation Service. This goes to show how well-networked these two services were on the dark web, as well as their popularity, efficacy, and the extent of their operations.

ZDNet reports that the two suspects have been active on the malware scene since at least 2014, when CyberSeal was launched. DataProtector came online in 2015, and CyberScan was only set up last year. All three were aggressively advertised on a multitude of hacking forums, gradually building up a reputation.

Source: ZDNet

As we analyzed back in December 2019, crypters are an indispensable part of malware operations today, and the space is very active in refreshing its methods to avoid detection. A range of encryption algorithms, from AES256 to RC4, is used to make malware “stealthy,” while XORing, hexadecimal string transformation, non-ASCII character embedding, string rotation, and character order shifting all help achieve that goal.