23 November 2020

Two Romanians arrested for running malware services



Romanian police have arrested two Romanian nationals suspected of running two malware crypter services called CyberSeal and DataProtector, and the CyberScan malware testing service. The arrests were made as a result of a joint operation carried out by Romanian Police (Poliția Română) together with the United States Federal Bureau of Investigation (FBI), the Australian Federal Police (AFP), the Norwegian National Criminal Investigation Service (Kripos) and Europol.

In a press release, Europol said that the CyberSeal and DataProtector crypting services were used by more than 1560 criminals for crypting several different types of malware, including Remote Access Trojans, information stealers and ransomware. The duo also provided a service called CyberScan, which, similar to the popular online service VirusTotal, allowed their customers to test their malware against antivirus solutions. Unlike VirusTotal, however, CyberScan didn’t share scan results with antivirus vendors.

The above-mentioned services have been offered for sale in the underground criminal market since 2010, according to Europol. The price for the CyberSeal and DataProtector crypting services varied between US$40 and US$300, depending on licence conditions.

“Their service activity was well structured and offered regular updates and customer support to the clients,” Europol noted. The criminals also offered a Counter Antivirus platform allowing malicious actors to test their malware samples against antivirus software until the malware becomes fully undetectable (FUD). The prices for this service varied between US$7 and US$40.
