13 Ways Cyber Criminals Spread Malware

Security incidents where hackers distribute malicious code (malware) via spam, phishing, exploits and compromised websites are hitting the headlines all the time. However, not all cyber-criminals are super proficient in programming or have enough resources to buy exploits or rent spam botnets.

There are lots of petty crooks who would be happy to get a few dozen successful installs of their viruses. Having spent some time scouring darknet forums, we have identified and compiled 13 techniques for spreading malware, be it a data stealer, hidden miner, crypto ransomware, or just adware, that are used by low-profile black hat hackers. 

So, let’s get right to the point and cover the most common ways rogue players deposit perpetrating programs on victims’ computers.

1. Micro Job Websites
These are online crowdsourcing platforms where hundreds of people perform various tasks for a small reward. The idea is prosaic: you post an assignment like “Download and install the file”, with a description saying you are a beginning coder and want to test your software on different operating systems, which explains why you need users to launch it.

It’s preferable to add the file to a password-protected archive, upload it to Dropbox or Google Drive and provide the password in the assignment or indicate it in the name of the archive. 

This tactic will get you more victims, because users tend to trust services like Dropbox or Google Drive, thinking they are virus-free, which is true, but a password-protected archive with malware inside will even slip under the radar of VirusTotal at 0/67.

In this scenario, about 10 users per day may get on the hook. This method is the easiest and the most passive one. It requires low spending (about $5 for a start), and you will definitely get the bang for that buck multiple times.

2. Social Network Spam
This technique is a bit more complicated but it’s more effective in terms of the number of installs. It boils down to spamming different open groups on Facebook or other social media, posting catchy messages like, “Hey, here’s a private cheat for CS:GO/Minecraft/Warface, no ban for a month.” 

The wording has to be down-to-earth, with no overly smart phrases – just write as if you were interested in that subject yourself and really wanted to find the cheat someplace.

3. Another Method with Facebook
Create a run-of-the-mill profile of a businessman, fill out all the details, make a neat wall and get as many likes and comments as possible. The tactic of pretending to be a Bitcoin miner who makes a couple of grand a day has been working wonders lately. Be sure to post screenshots of how much you allegedly earn right on your wall.

The catch is, you’re supposedly selling a private mining program that brings up to $50 a day without any efforts. You need to be posting news and customer feedback with words of gratitude on a daily basis for about a week. And then, finally, you post something like, “On the occasion of 30 plus buys of my program, I’m making it publicly available. I’ll delete this post in a week, so hurry up and get your chance to make money the easy way.”

Then, imitate some hype in the comments, engage ads to bring traffic, keep making your page more popular, and voila, you get real installs.

4. YouTube Spam
When implemented right, this tactic can get you lots of installs. This is doable by commenting cryptocurrency mining-themed videos or reviews of different game cheats. What you can do is post comments from dummy accounts, get a bunch of likes for your comments, and dislike everyone else’s. You can ensure a fair number of installs as long as you spend enough time doing this.

5. Fake Website/Watering Hole
This is one of the most effective ways to spread malware. It’s a no-brainer to create a site using WordPress, and it’s even easier to download or buy a turnkey script. Then, purchase ads on some channel with the right target audience and watch your installs soar. The only flip side is that you have to pay for the advertising.

6. Anonymous Chat Rooms
I’m pretty sure everyone knows what anonymous chat rooms are. Now then, they are a lucrative ecosystem for malware promotion. Oversexed individuals love these types of chats, so a message like, “Here’s a naked photo of my girlfriend, do you like it?” plus a hyperlink will do the trick. There is a bevy of potential victims there. All that’s left to do is find the target audience and spam it heavily.

7. Telegram Chats
What you are supposed to do is spam themed chat rooms on Telegram messenger, offering something that the users would most likely be interested in. In other words, if the chat is dedicated to crypto mining, peddling cheat codes for Minecraft in it is, obviously, a no-go.

A lot of Telegram chats are publicly accessible, and they boast a sizeable traffic volume. For instance, 1000 people will see your booby-trapped link along with the misleading description, 200 of them will peruse it and get interested, and 10-15 people will run the file.

8. Pushing a viable Money-Making scheme
Here’s how this one works: you come up with some sort of an online business model that’s not mainstream, and announce a recruitment campaign to get those interested on your team. Spend some time boosting comments, likes and reposts for this scheme on your blog or social network page, making it all look credible.

Then, you should buy ads on a “make money online” themed YouTube channel, telling its owner that you’re offering a great way to earn a pretty penny and asking them to spread the word about it. If this part works out, the channel will promote your page and lots of people will download the archive with the manual describing your model. 

What’s the catch? The folders inside that archive contain your malware, and some people will run it accidentally because it has a regular folder icon, or they will launch it because the manual tells them to. The profit is obvious in this case.

9. Distribution via Browser Games
These types of games are schoolkids’ favorites. Your plan is to find any browser game forum and start a thread about some kind of a contest. For example, type a game-related assignment in Notepad and announce a contest whose winner allegedly gets $25. Then, bundle your malware with that document and make sure the culprit has an icon of a text file. The kids will go off at full score trying to solve your task without having a clue that there’s a virus on board. Moreover, more responses will heat up the community’s interest.

10. Dating Sites
It’s simple: you exchange some appealing messages with a potential victim to build trust, and when the communication gets more intimate you send that person an archive with fake photos. One of the files inside the archive is your malware camouflaged as a picture. If your malicious program is an information stealer, you can thus get the prey’s logs and blackmail them.

11. Playing with Someone’s Feelings
Create a trustworthy-looking account of a pretty girl on a social network or dating site, wait for about a week so that the account doesn’t appear brand-new, inflate it with posts and boost the likes. Then, search for men aged 35-60 and select the ones whose status is “married”. Reach out to their wives, saying

“How come you don’t look after your husband at all? I’m going out with him every week, here’s a video proof of what we do. You’d better not watch it if you’re touchy.” 

Most victims will get curious enough to click on that link, which means you get new installs.

12. Dark Web Forums
Sign up with one of these resources and create a new topic saying something like, “Dumping a killer scheme to make money, it’s being sold on another forum for $200, contact me via Telegram.” Wait for those interested to show up and send them the document bundled with malware. Use your data stealer to access their profiles, create similar topics on their behalf and simulate some positive feedback for your post. This way, you will keep making victims until forum admins ban everyone who ran the bad code.

13. The Most Profitable Method
It’s somewhat harder to pull off than the rest, though. Go to a crypto mining forum and find the software section. Spot an appropriate thread, copy the entire text and all the pictures, and then translate it into Spanish, German and French. Google Translate will do the trick. 

Then, find major mining forums in these foreign countries and create topics with the translation as if you were presenting new software that prevents your mining farm from overheating. Be sure to provide a link to the purported software at the end of the posts, preferably a direct one leading to GitHub. That’s it. This is the best target audience for a data stealer.

Now that you are aware of core steps used by cyber criminals to spread malware tohelp you to be secure online and don’t fall for such methods. Also, check out HackRead's seven ways in which a USB stick could become a security risk for your device.

HackRead

You Might Also Read: 

Preventing Another Wannacry:

A New IoT Botnet Storm Is Coming:

 

« A Guide To Addressing Corporate IoT Security
How to Measure Cybersecurity Success »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

4Secure

4Secure

For over two decades, 4Secure has specialised in cyber security consultancy, safeguarding the worlds critical Infrastructure through securely bridging air gapped networks.

National Cyber Security Centre (NKSC) - Lithuania

National Cyber Security Centre (NKSC) - Lithuania

NKSC is the main Lithuanian cyber security institution, responsible for unified management of cyber incidents, monitoring and control of the implementation of cyber security requirements.

SecureWorks

SecureWorks

SecureWorks provides intelligence-driven security solutions for organizations to prevent, detect, rapidly respond and predict cyberattacks.

Datacom Systems

Datacom Systems

Datacom Systems is a leading manufacturer of network visibility solutions.

Assured Enterprises

Assured Enterprises

Assured Enterprises provides comprehensive cyber risk identification, management and mitigation across all platforms.

Me Learning

Me Learning

Me Learning provides engaging, informative and clearly explained learning materials for complex and challenging professional environments in areas including GDPR and Information Governance.

Cycuity

Cycuity

Cycuity (formerly Tortuga Logic) is a cybersecurity company that is transforming the way we secure silicon with comprehensive hardware security assurance.

SpyCloud

SpyCloud

SpyCloud is a leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts either directly or through product integrations.

ForAllSecure

ForAllSecure

ForAllSecure’s mission is to make the world’s software safe by pioneering autonomous cybersecurity tools that automatically find and fix vulnerabilities in run-time executable software.

Splone

Splone

Splone is a Berlin-based IT security research team and consultancy. We help improve IT-security by offering red team assements, penetration tests, audits and customized consulting.

Onfido

Onfido

Onfido is building the new identity standard for the internet. We digitally prove people’s real identities using a photo ID and facial biometrics.

Ironhack

Ironhack

Ironhack provide intensive training courses & bootcamps in Web Development, UX/UI Design, Data Analytics & Cybersecurity.

CICRA Consultancies

CICRA Consultancies

Cicra Consultancies is a company that specializes in cyber security. Our major activities are guided by three main principles: Prevent, Investigate, Prosecute.

Armolon

Armolon

Armolon provides comprehensive data breach and cybersecurity, as well cybersecurity audits and certifications, and disaster recovery/business continuity services to clients.

Skyhigh Security

Skyhigh Security

Skyhigh Security enables your remote workforce while addressing your cloud, web, data, and network security needs.

InterSources

InterSources

InterSources is a trusted partner, leading the way in Cloud Security, Cybersecurity, PLG Consulting, Digital Transformation, and Professional Services.