Access to ready-to-use malware has become so easy that teenagers use it to annoy victims. The same tools, however, can be used for far more nefarious purposes.
Malware-as-a-service (MaaS) is shaping up to be a household service. Researchers at Avast have discovered that capable malicious software dubbed 'Lunar' is repurposed to satisfy the needs of a different group of customers and sold for only $25.
Researchers stumbled upon the malware, looking into ransomware. They found a strain of Lunar that works as an information stealer and crypto miner, a software that generates low income for users compared to ransomware attacks.
However, the malware is not made for profiting. According to Avast's blog post, threat actors advertise Lunar malware builder on Discord as a means to steal gaming accounts, delete Fortnite or Minecraft folders, or repeatedly opening a web browser with Pornhub.
After spending some time in the Discord server dedicated to the Lunar builder, researchers found that most users there are minors between the ages of 11-16. The target audience's age helps explain the low price of malware and why the ads don't focus on more profit-oriented goals.
"This hypothesis is also supported by a fact that a lot of the malware's functionality, and definitely most of the plugins submitted by other members of the community, are aimed at annoying victims rather than causing actual harm," Avast malware researcher Jan Holman said.
Once teens have access to the malware builder, they discuss the best ways to deploy it, assisting each other and sharing experiences. Common tactics include using inconspicuous filenames and icons that resemble executables for legitimate games.
Others create fake Youtube links to lure victims into downloading the malware, later discussing the outcome of the hack with other users on the dedicated Discord server.
"These communities may seem attractive to kids as hacking is seen as cool and malware builders provide a cheap and easy opportunity to 'hack' someone and to brag about it to peers. […] However, these acts are still illegal and deserve to be noted," Holman said.
More from Cybernews:
Subscribe to our newsletter