Researchers Spotted Malware Downloader Being Offered on Underground Forums

A malware downloader being openly offered for sale for just $50?

A malware downloader dubbed ‘Kardon Loader’ is being sold in underground forums at just $50. It helps hackers build botnets and mount cyberattacks.

It’s difficult to believe but that is what has surfaced—the downloader has reportedly been listed for sale in underground forums since April 2018.

The forums in which the program is listed are not typically browsable by the general public; certain platforms that operate beneath the surface are frequented by hackers and other ill-intentioned people.

Those who detected this downloader, which goes by the name “Kardon Loader,” confirm that the program is still in beta, but is already sophisticated enough to create trouble.

Helps Build Botnets

The seller of Kardon Loader is claiming that once downloaded, this malware can assist the buyer in building their own botnets.

Botnets are generally deployed by hackers to infect vulnerable systems and to steal information from them.

This $50 malware is also being promoted on these underground forums. Though the seller has added a disclaimer at the end saying the malware is not meant to be used for any illegitimate purposes, the experts know such declarations are not worth the ink they are written on.

The researchers that discovered the malware downloader explained in a blog post that the program is being advertised and sold within an underground forum by an actor operating under the alias “Yattaze.”

Beyond building the botnets, Kardon Loader has the further capability to build private networks and spread the base. What’s more, you can even access a video describing the functionalities of the malware.

The Features of Kardon Loader as Claimed

The advertising for this malware reportedly lists a host of features, including bot functionality, the ability to update and uninstall tasks, Tor support, and so on.

Further, it has a user-mode rootkit and a domain generation algorithm (DGA), as well as debug and analysis protection.

Interestingly, the researchers who studied the downloader in detail discovered that many of the advertised features mentioned above are not present in the binary file they received.

Tor support, for example, was not found. Hackers prefer to use Tor to perpetrate their attacks, since it gives them the anonymity they need to avoid being traced and detected.

The Threat Can Be Real

Although at this juncture the mere downloading of Kardon Loader may appear relatively non-threatening, experts are of the opinion that a serious buyer can go on to build botnets with it and then use these bots to carry malware and implant it in systems, from where all kinds of illegal activities can be carried out.

These include the theft of user IDs and passwords, bank Trojans and ransomware.

It can turn into a vicious tool in the hands of the cybercriminals.

Extra Protection Called For


These kinds of malware are always capable of striking anywhere and at any time. It is for the users to take the appropriate steps to avoid being the victims of such malware attacks.

There are many golden rules that cybersecurity experts recommend to users from time to time.

It does not just stop with the installation of antivirus software on your system; your system administrator has to keep a close watch on what’s happening around the world, particularly about new malware programs that keep popping up.

Remember, a hacker is not typically within your organization—they’re usually miles or even continents away and can wreak havoc on your computer network and your whole organization if you let your guard down.

Cybersecurity companies continue to release anti-malware products that enhance the possibility of repelling any attempts at corrupting your system through malware.

In addition, you have to create sufficient awareness among all your employees regarding the threats and advise them not to download suspicious attachments from emails and not even open the messages if the sender is not on their contacts list.

These steps are essential to keep yourself protected since most systems are inter-connected. And if the hacker decides to distribute a virus to your system, it will spread to the server and affect all connected devices in no time.

The cost of getting out of a malware-affected situation is much more than the investment to be made to keep the malware away.
