Romanian police have arrested two Romanian nationals suspected of running two malware crypter services called CyberSeal and DataProtector, and the CyberScan malware testing service. The arrests were made as a result of a joint operation carried out by Romanian Police (Poliția Română) together with the United States Federal Bureau of Investigation (FBI), the Australian Federal Police (AFP), the Norwegian National Criminal Investigation Service (Kripos) and Europol.
In a press release Europol said that the CyberSeal and Dataprotector crypting services were used by more than 1560 criminals for crypting several different type of malware, including Remote Access Trojans, information stealers and ransomware. The duo also provided a service called CyberScan, which, similar to a popular online service VirusTotal, allowed their customers to test their malware against antivirus solutions, but unlike VirusTotal, CyberScan didn’t share scan results with antivirus vendors.
The above mentioned services have been offered for sale in the underground criminal market since 2010, according to Europol. The price for the CyberSeal and Dataprotector crypting services varied between US$40 to US$300 depending on licence conditions.
“Their service activity was well structured and offered regular updates and customer support to the clients,” Europol noted. The criminals also offered a Counter Antivirus platform allowing malicious actors to test their malware samples against antivirus software until the malware becomes fully undetectable (FUD). The prices for this service varied between US$7 to US$40.