BlackOS software package automates website hacking, costs $3,800 a year

Share this article:
The malicious package is being sold on underground markets for $3,800 a year.
The malicious package is being sold on underground markets for $3,800 a year.

An updated version of a malicious software package designed to automate the process of hacking websites is being offered up on underground markets for $3,800 a year, according to a blog by Trend Micro.

In a Thursday email correspondence, Christopher Budd, threat communications manager for Trend Micro, told SCMagazine.com that the software – known as BlackOS – can manage hacked sites that redirect end-users to websites serving malware.

The redirection is carried out by injecting malicious IFrames into websites, Budd said, adding this can be done using one of several features available in BlackOS.

“[It] can also manage large lists of FTP credentials and [can] check each of the accounts' credentials for validity, as well as verifies each malicious website URL against AV vendors to see if anyone blocks the website,” Budd said.

One of the things that makes BlackOS particularly useful for miscreants is that it scans a large range of IPs for exploitable vulnerabilities, Budd said, explaining that the attackers are not dialing in on specific targets.

“They do a mass attack, there are no specific targets as these websites are just a launch pad to perform their malicious attacks,” Budd said. “They are usually looking for an easy access, once they are inside they will try to level up the privileges to gain root access on the machine and therefore be able to [make] use of the BlackOS features, which is inject a malicious IFrames in all web pages.”

The posts advertising BlackOS in underground forums are written in Russian, according to the Trend Micro blog, which explains that the software costs $3,800 a year, or $100 a month for a budgeted version with basic configurations.

The BlackOS software is an updated version of the “Tale of the North” software, according to the blog.

Share this article:

Sign up to our newsletters

More in News

Instagram iOS and Android apps vulnerable to session hijacking

Two researchers wrote about the Instagram app for iOS and Android is vulnerable to session hijacking because both send unsecured information through HTTP.

Report: Hackers stole data from Israeli defense firms

A report by Brian Krebs detailed the intrusions, which occurred between Oct. 2011 and Aug. 2012.

Neverquest trojan targets regional banks in Japan

Symantec researchers found a new variant of the banking trojan.