13 Ways Cyber Criminals Spread Malware

Security incidents where hackers distribute malicious code (malware) via spam, phishing, exploits and compromised websites are hitting the headlines all the time. However, not all cyber-criminals are super proficient in programming or have enough resources to buy exploits or rent spam botnets.

There are lots of petty crooks who would be happy to get a few dozen successful installs of their viruses. Having spent some time scouring darknet forums, we have identified and compiled 13 techniques for spreading malware, be it a data stealer, hidden miner, crypto ransomware, or just adware, that are used by low-profile black hat hackers. 

So, let’s get right to the point and cover the most common ways rogue players deposit perpetrating programs on victims’ computers.

1. Micro Job Websites
These are online crowdsourcing platforms where hundreds of people perform various tasks for a small reward. The idea is prosaic: you post an assignment like “Download and install the file”, with a description saying you are a beginning coder and want to test your software on different operating systems, which explains why you need users to launch it.

It’s preferable to add the file to a password-protected archive, upload it to Dropbox or Google Drive and provide the password in the assignment or indicate it in the name of the archive. 

This tactic will get you more victims, because users tend to trust services like Dropbox or Google Drive, thinking they are virus-free, which is true, but a password-protected archive with malware inside will even slip under the radar of VirusTotal at 0/67.

In this scenario, about 10 users per day may get on the hook. This method is the easiest and the most passive one. It requires low spending (about $5 for a start), and you will definitely get the bang for that buck multiple times.

2. Social Network Spam
This technique is a bit more complicated but it’s more effective in terms of the number of installs. It boils down to spamming different open groups on Facebook or other social media, posting catchy messages like, “Hey, here’s a private cheat for CS:GO/Minecraft/Warface, no ban for a month.” 

The wording has to be down-to-earth, with no overly smart phrases – just write as if you were interested in that subject yourself and really wanted to find the cheat someplace.

3. Another Method with Facebook
Create a run-of-the-mill profile of a businessman, fill out all the details, make a neat wall and get as many likes and comments as possible. The tactic of pretending to be a Bitcoin miner who makes a couple of grand a day has been working wonders lately. Be sure to post screenshots of how much you allegedly earn right on your wall.

The catch is, you’re supposedly selling a private mining program that brings up to $50 a day without any efforts. You need to be posting news and customer feedback with words of gratitude on a daily basis for about a week. And then, finally, you post something like, “On the occasion of 30 plus buys of my program, I’m making it publicly available. I’ll delete this post in a week, so hurry up and get your chance to make money the easy way.”

Then, imitate some hype in the comments, engage ads to bring traffic, keep making your page more popular, and voila, you get real installs.

4. YouTube Spam
When implemented right, this tactic can get you lots of installs. This is doable by commenting cryptocurrency mining-themed videos or reviews of different game cheats. What you can do is post comments from dummy accounts, get a bunch of likes for your comments, and dislike everyone else’s. You can ensure a fair number of installs as long as you spend enough time doing this.

5. Fake Website/Watering Hole
This is one of the most effective ways to spread malware. It’s a no-brainer to create a site using WordPress, and it’s even easier to download or buy a turnkey script. Then, purchase ads on some channel with the right target audience and watch your installs soar. The only flip side is that you have to pay for the advertising.

6. Anonymous Chat Rooms
I’m pretty sure everyone knows what anonymous chat rooms are. Now then, they are a lucrative ecosystem for malware promotion. Oversexed individuals love these types of chats, so a message like, “Here’s a naked photo of my girlfriend, do you like it?” plus a hyperlink will do the trick. There is a bevy of potential victims there. All that’s left to do is find the target audience and spam it heavily.

7. Telegram Chats
What you are supposed to do is spam themed chat rooms on Telegram messenger, offering something that the users would most likely be interested in. In other words, if the chat is dedicated to crypto mining, peddling cheat codes for Minecraft in it is, obviously, a no-go.

A lot of Telegram chats are publicly accessible, and they boast a sizeable traffic volume. For instance, 1000 people will see your booby-trapped link along with the misleading description, 200 of them will peruse it and get interested, and 10-15 people will run the file.

8. Pushing a viable Money-Making scheme
Here’s how this one works: you come up with some sort of an online business model that’s not mainstream, and announce a recruitment campaign to get those interested on your team. Spend some time boosting comments, likes and reposts for this scheme on your blog or social network page, making it all look credible.

Then, you should buy ads on a “make money online” themed YouTube channel, telling its owner that you’re offering a great way to earn a pretty penny and asking them to spread the word about it. If this part works out, the channel will promote your page and lots of people will download the archive with the manual describing your model. 

What’s the catch? The folders inside that archive contain your malware, and some people will run it accidentally because it has a regular folder icon, or they will launch it because the manual tells them to. The profit is obvious in this case.

9. Distribution via Browser Games
These types of games are schoolkids’ favorites. Your plan is to find any browser game forum and start a thread about some kind of a contest. For example, type a game-related assignment in Notepad and announce a contest whose winner allegedly gets $25. Then, bundle your malware with that document and make sure the culprit has an icon of a text file. The kids will go off at full score trying to solve your task without having a clue that there’s a virus on board. Moreover, more responses will heat up the community’s interest.

10. Dating Sites
It’s simple: you exchange some appealing messages with a potential victim to build trust, and when the communication gets more intimate you send that person an archive with fake photos. One of the files inside the archive is your malware camouflaged as a picture. If your malicious program is an information stealer, you can thus get the prey’s logs and blackmail them.

11. Playing with Someone’s Feelings
Create a trustworthy-looking account of a pretty girl on a social network or dating site, wait for about a week so that the account doesn’t appear brand-new, inflate it with posts and boost the likes. Then, search for men aged 35-60 and select the ones whose status is “married”. Reach out to their wives, saying

“How come you don’t look after your husband at all? I’m going out with him every week, here’s a video proof of what we do. You’d better not watch it if you’re touchy.” 

Most victims will get curious enough to click on that link, which means you get new installs.

12. Dark Web Forums
Sign up with one of these resources and create a new topic saying something like, “Dumping a killer scheme to make money, it’s being sold on another forum for $200, contact me via Telegram.” Wait for those interested to show up and send them the document bundled with malware. Use your data stealer to access their profiles, create similar topics on their behalf and simulate some positive feedback for your post. This way, you will keep making victims until forum admins ban everyone who ran the bad code.

13. The Most Profitable Method
It’s somewhat harder to pull off than the rest, though. Go to a crypto mining forum and find the software section. Spot an appropriate thread, copy the entire text and all the pictures, and then translate it into Spanish, German and French. Google Translate will do the trick. 

Then, find major mining forums in these foreign countries and create topics with the translation as if you were presenting new software that prevents your mining farm from overheating. Be sure to provide a link to the purported software at the end of the posts, preferably a direct one leading to GitHub. That’s it. This is the best target audience for a data stealer.

Now that you are aware of core steps used by cyber criminals to spread malware tohelp you to be secure online and don’t fall for such methods. Also, check out HackRead's seven ways in which a USB stick could become a security risk for your device.

HackRead

You Might Also Read: 

Preventing Another Wannacry:

A New IoT Botnet Storm Is Coming:

 

« A Guide To Addressing Corporate IoT Security
How to Measure Cybersecurity Success »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Zybert Computing

Zybert Computing

Zybert Computing provide server solutions with built-in security and information protection features for the SME market.

Latham & Watkins LLP

Latham & Watkins LLP

Latham & Watkins is an international law firm. Practice areas include Data Privacy, Security and Cybercrime.

European Network for Cyber Security (ENCS)

European Network for Cyber Security (ENCS)

ENCS’s core focus is around educating and solving cyber security challenges in the development and operation of energy grids across Europe.

SecureKey Technologies

SecureKey Technologies

SecureKey is a leading identity and authentication provider that simplifies consumer access to online services and applications.

The Media Trust

The Media Trust

The Media Trust continuously scans websites, ad tags and mobile apps and alerts on anomalies affecting websites and visitors.

Auxilium Cyber Security

Auxilium Cyber Security

Auxilium Cyber Security is independent information security consultancy company.

CloudOak

CloudOak

CloudOak is a cloud channel provider for hybrid cloud Backup as a Service (BaaS), Disaster Recovery as a Service (DRaaS) and Archiving to Small to Medium Business (SMB).

MicroEJ

MicroEJ

MicroEJ is a software vendor of cost-driven solutions for embedded and IoT devices.

DigiByte (DGB)

DigiByte (DGB)

DigiByte (DGB) is a rapidly growing global blockchain with a focus on cybersecurity for digital payments & decentralized applications.

BIND 4.0

BIND 4.0

Bind 4.0 is an acceleration program geared toward tech startups with solutions applied to Advanced Manufacturing, Smart Energy, Health Tech or Food Tech fields.

HacWare

HacWare

HacWare is a data driven cybersecurity awareness product that leverages machine learning and behavior analytics help IT professionals combat phishing.

CFTS

CFTS

CFTS 'Computer Facilities Technical Services' is a Ugandan ICT Support Company that specialises in infrastructure and support services including network security.

ThreatNG Security

ThreatNG Security

ThreatNG is redefining external attack surface management (EASM) and digital risk protection with a platform of unmatched breadth, depth, and capabilities in thwarting technical and business threats.

Allstate Identity Protection

Allstate Identity Protection

Allstate make it easy to provide complete identity protection, so everyone can live more confidently online.

PayPal Ventures

PayPal Ventures

PayPal Ventures invests in companies at the forefront of innovation in fintech, payments, commerce enablement, artificial intelligence, blockchain and cryptocurrency, regulatory and cyber technology.

CloudBees

CloudBees

CloudBees is building the world’s first end-to-end automated software delivery system, enabling companies to balance governance and developer freedom.