13 Ways Cyber Criminals Spread Malware

Security incidents where hackers distribute malicious code (malware) via spam, phishing, exploits and compromised websites are hitting the headlines all the time. However, not all cyber-criminals are super proficient in programming or have enough resources to buy exploits or rent spam botnets.

There are lots of petty crooks who would be happy to get a few dozen successful installs of their viruses. Having spent some time scouring darknet forums, we have identified and compiled 13 techniques for spreading malware, be it a data stealer, hidden miner, crypto ransomware, or just adware, that are used by low-profile black hat hackers. 

So, let’s get right to the point and cover the most common ways rogue players deposit perpetrating programs on victims’ computers.

1. Micro Job Websites
These are online crowdsourcing platforms where hundreds of people perform various tasks for a small reward. The idea is prosaic: you post an assignment like “Download and install the file”, with a description saying you are a beginning coder and want to test your software on different operating systems, which explains why you need users to launch it.

It’s preferable to add the file to a password-protected archive, upload it to Dropbox or Google Drive and provide the password in the assignment or indicate it in the name of the archive. 

This tactic will get you more victims, because users tend to trust services like Dropbox or Google Drive, thinking they are virus-free, which is true, but a password-protected archive with malware inside will even slip under the radar of VirusTotal at 0/67.

In this scenario, about 10 users per day may get on the hook. This method is the easiest and the most passive one. It requires low spending (about $5 for a start), and you will definitely get the bang for that buck multiple times.

2. Social Network Spam
This technique is a bit more complicated but it’s more effective in terms of the number of installs. It boils down to spamming different open groups on Facebook or other social media, posting catchy messages like, “Hey, here’s a private cheat for CS:GO/Minecraft/Warface, no ban for a month.” 

The wording has to be down-to-earth, with no overly smart phrases – just write as if you were interested in that subject yourself and really wanted to find the cheat someplace.

3. Another Method with Facebook
Create a run-of-the-mill profile of a businessman, fill out all the details, make a neat wall and get as many likes and comments as possible. The tactic of pretending to be a Bitcoin miner who makes a couple of grand a day has been working wonders lately. Be sure to post screenshots of how much you allegedly earn right on your wall.

The catch is, you’re supposedly selling a private mining program that brings up to $50 a day without any efforts. You need to be posting news and customer feedback with words of gratitude on a daily basis for about a week. And then, finally, you post something like, “On the occasion of 30 plus buys of my program, I’m making it publicly available. I’ll delete this post in a week, so hurry up and get your chance to make money the easy way.”

Then, imitate some hype in the comments, engage ads to bring traffic, keep making your page more popular, and voila, you get real installs.

4. YouTube Spam
When implemented right, this tactic can get you lots of installs. This is doable by commenting cryptocurrency mining-themed videos or reviews of different game cheats. What you can do is post comments from dummy accounts, get a bunch of likes for your comments, and dislike everyone else’s. You can ensure a fair number of installs as long as you spend enough time doing this.

5. Fake Website/Watering Hole
This is one of the most effective ways to spread malware. It’s a no-brainer to create a site using WordPress, and it’s even easier to download or buy a turnkey script. Then, purchase ads on some channel with the right target audience and watch your installs soar. The only flip side is that you have to pay for the advertising.

6. Anonymous Chat Rooms
I’m pretty sure everyone knows what anonymous chat rooms are. Now then, they are a lucrative ecosystem for malware promotion. Oversexed individuals love these types of chats, so a message like, “Here’s a naked photo of my girlfriend, do you like it?” plus a hyperlink will do the trick. There is a bevy of potential victims there. All that’s left to do is find the target audience and spam it heavily.

7. Telegram Chats
What you are supposed to do is spam themed chat rooms on Telegram messenger, offering something that the users would most likely be interested in. In other words, if the chat is dedicated to crypto mining, peddling cheat codes for Minecraft in it is, obviously, a no-go.

A lot of Telegram chats are publicly accessible, and they boast a sizeable traffic volume. For instance, 1000 people will see your booby-trapped link along with the misleading description, 200 of them will peruse it and get interested, and 10-15 people will run the file.

8. Pushing a viable Money-Making scheme
Here’s how this one works: you come up with some sort of an online business model that’s not mainstream, and announce a recruitment campaign to get those interested on your team. Spend some time boosting comments, likes and reposts for this scheme on your blog or social network page, making it all look credible.

Then, you should buy ads on a “make money online” themed YouTube channel, telling its owner that you’re offering a great way to earn a pretty penny and asking them to spread the word about it. If this part works out, the channel will promote your page and lots of people will download the archive with the manual describing your model. 

What’s the catch? The folders inside that archive contain your malware, and some people will run it accidentally because it has a regular folder icon, or they will launch it because the manual tells them to. The profit is obvious in this case.

9. Distribution via Browser Games
These types of games are schoolkids’ favorites. Your plan is to find any browser game forum and start a thread about some kind of a contest. For example, type a game-related assignment in Notepad and announce a contest whose winner allegedly gets $25. Then, bundle your malware with that document and make sure the culprit has an icon of a text file. The kids will go off at full score trying to solve your task without having a clue that there’s a virus on board. Moreover, more responses will heat up the community’s interest.

10. Dating Sites
It’s simple: you exchange some appealing messages with a potential victim to build trust, and when the communication gets more intimate you send that person an archive with fake photos. One of the files inside the archive is your malware camouflaged as a picture. If your malicious program is an information stealer, you can thus get the prey’s logs and blackmail them.

11. Playing with Someone’s Feelings
Create a trustworthy-looking account of a pretty girl on a social network or dating site, wait for about a week so that the account doesn’t appear brand-new, inflate it with posts and boost the likes. Then, search for men aged 35-60 and select the ones whose status is “married”. Reach out to their wives, saying

“How come you don’t look after your husband at all? I’m going out with him every week, here’s a video proof of what we do. You’d better not watch it if you’re touchy.” 

Most victims will get curious enough to click on that link, which means you get new installs.

12. Dark Web Forums
Sign up with one of these resources and create a new topic saying something like, “Dumping a killer scheme to make money, it’s being sold on another forum for $200, contact me via Telegram.” Wait for those interested to show up and send them the document bundled with malware. Use your data stealer to access their profiles, create similar topics on their behalf and simulate some positive feedback for your post. This way, you will keep making victims until forum admins ban everyone who ran the bad code.

13. The Most Profitable Method
It’s somewhat harder to pull off than the rest, though. Go to a crypto mining forum and find the software section. Spot an appropriate thread, copy the entire text and all the pictures, and then translate it into Spanish, German and French. Google Translate will do the trick. 

Then, find major mining forums in these foreign countries and create topics with the translation as if you were presenting new software that prevents your mining farm from overheating. Be sure to provide a link to the purported software at the end of the posts, preferably a direct one leading to GitHub. That’s it. This is the best target audience for a data stealer.

Now that you are aware of core steps used by cyber criminals to spread malware tohelp you to be secure online and don’t fall for such methods. Also, check out HackRead's seven ways in which a USB stick could become a security risk for your device.

HackRead

You Might Also Read: 

Preventing Another Wannacry:

A New IoT Botnet Storm Is Coming:

 

« A Guide To Addressing Corporate IoT Security
How to Measure Cybersecurity Success »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

D-RisQ

D-RisQ

D-RisQ is focussed on delivering techniques to reduce the development costs of complex systems and software whilst maximising compliance

Magnet Forensics

Magnet Forensics

Magnet Forensics' family of digital forensics products are used globally by thousands of law enforcement, military, government and corporate customers.

Flexential

Flexential

Flexential helps organizations optimize their journey of IT transformation while simultaneously balancing cost, scalability, compliance and security.

Osirium

Osirium

The Osirium PxM Privileged Access Management platform addresses both security and compliance requirements by defining who gets access to what and when.

Vigilant Software

Vigilant Software

Vigilant Software develops industry-leading tools for intelligent, simplified compliance, including ISO27001-risk management and EU GDPR.

Blue Cedar

Blue Cedar

Blue Cedar's mobile app security integration platform secures and accelerates mobile app deployment for enterprises and government organizations around the world.

Red River

Red River

Red River is a technology transformation company, bringing 25 years of experience and mission-critical expertise in analytics, cloud, collaboration, mobility, networking and security solutions.

ChaosSearch

ChaosSearch

ChaosSearch is a massively scalable ELK-compatible log analysis platform delivered as a fully managed service with high-performance and low cost.

Strike Security

Strike Security

Strike Security offers a continuous penetration testing platform that combines automation with ethical hackers.

Netgo

Netgo

Netgo group meet the requirements of a complex, digitized world with IT consulting, IT solutions & services, managed & cloud services and software products & development.

Cyber Law Consulting

Cyber Law Consulting

Cyber Law Consulting is a Dynamic full service legal firm which offers complete services for Cyber Law, cyberlaw, Internet Law, Data Protection Act, Cyber Security, IPR, Drafting.

DigitalPlatforms

DigitalPlatforms

DigitalPlatforms SpA is an Italian group with the mission of providing end-to-end solutions and Internet of Things and Cyber technologies to companies that manage critical infrastructures.

Cyber Intell Solution (CIS)

Cyber Intell Solution (CIS)

Cyber Intell Solution provide expert consulting, specialized products, and tailored operational services to governmental and corporate industry worldwide.

WillCo Tech

WillCo Tech

WillCo Tech works to enhance national security and force readiness for military and commercial enterprises with a suite of software capabilities surrounding the human element of cybersecurity.

Twine Security

Twine Security

Twine is pioneering the creation of AI digital cybersecurity employees to help improve efficiency for cybersecurity teams.

BestDefense

BestDefense

BestDefense offers proactive cybersecurity solutions that adapt in real-time to outpace evolving threats and ensure resilient protection for your critical assets.