Ransomware-as-a-service (RaaS) and Malware-as-a-service (MaaS) are common schemes that cybercriminals use to perform their nefarious activities. However, there is a new addition to the list: Dropper-as-a-Service (DaaS). Threat actors increasingly use DaaS to rapidly spread their malware across thousands of PCs and steal sensitive data.
DaaS is used by threat actors to distribute their malware to unsuspecting users more easily. They mask their malware as real or pirated apps and trick their targets into downloading and installing them.
Research conducted by Sophos revealed a huge network of websites that provides a low-cost solution to help threat actors distribute their malware.
“During our recent investigation into an ongoing Raccoon Stealer (an information stealing malware) campaign, we found that the malware was being distributed by a network of websites acting as a “dropper as a service,” serving up a variety of other malware packages,” wrote Sophos. “Multiple front-end websites targeting individuals seeking “cracked” versions of popular consumer and enterprise software packages link into a network of domains used to redirect the victim to the payload designed for their platform.”
Some of these websites charge only $2 for tricking a thousand targets into downloading the malware. The scheme includes dropping various types of malware based on location and time. Some droppers were also used as infostealers, researchers found.
The evolution of these website networks has largely followed changes in market dynamics. Currently, cybercriminals are leveraging the stolen credential market and cryptocurrency scams to identify their targets.
The only silver lining here is that most of the droppers are easily identified. However, there's a caveat: because they are delivered inside encrypted archives, security tools cannot detect them until the archives are unpacked.
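Because the contents of an encrypted archive cannot be scanned, a defender can at least flag the archive itself for quarantine or manual review. The following is an added example, not code from Sophos or the original article; it assumes the archive is a ZIP file (other formats need their own checks), and the function names and sample file are constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED_BIT = 0x1  # ZIP general-purpose flag bit 0: member is encrypted


def encrypted_members(data: bytes) -> list[str]:
    """Return names of members a scanner cannot read without the password."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED_BIT]


def triage(data: bytes) -> str:
    """Classify a downloaded file (hypothetical gateway or download-folder sweep)."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-zip"
    try:
        locked = encrypted_members(data)
    except zipfile.BadZipFile:
        return "quarantine: malformed archive"
    if locked:
        return f"quarantine: {len(locked)} encrypted member(s), contents unscanned"
    return "scan: contents readable"


def _make_sample(encrypted: bool) -> bytes:
    """Constructed sample: a small ZIP, optionally with the encryption flag set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("setup.exe", b"constructed placeholder bytes")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Set flag bit 0 in the local header (offset 6) and central directory (offset 8).
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(sig) + off
            flags = struct.unpack_from("<H", raw, pos)[0]
            struct.pack_into("<H", raw, pos, flags | ENCRYPTED_BIT)
    return bytes(raw)


if __name__ == "__main__":
    for label, sample in (("plain", _make_sample(False)), ("locked", _make_sample(True))):
        print(label, "->", triage(sample))
```

The check reads only the archive's directory metadata, so it works without the password and never extracts or executes a member.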
Recent years have seen growth in X-as-a-service offerings. The easiest way to avoid falling into this trap is to avoid cost-cutting measures, such as using cracked software.
Researchers say offering cracked versions of expensive software is a common strategy cybercriminals adopt to break into an organization’s internal network and system.