BlackOS software package automates website hacking, costs $3,800 a year

The malicious package is being sold on underground markets for $3,800 a year.

An updated version of a malicious software package designed to automate the process of hacking websites is being offered on underground markets for $3,800 a year, according to a blog post by Trend Micro.

In a Thursday email correspondence, Christopher Budd, threat communications manager for Trend Micro, told SCMagazine.com that the software – known as BlackOS – can manage hacked sites that redirect end-users to websites serving malware.

The redirection is carried out by injecting malicious IFrames into websites, Budd said, adding this can be done using one of several features available in BlackOS.

“[It] can also manage large lists of FTP credentials and [can] check each of the accounts' credentials for validity, as well as verifies each malicious website URL against AV vendors to see if anyone blocks the website,” Budd said.

One of the things that makes BlackOS particularly useful for miscreants is that it scans a large range of IPs for exploitable vulnerabilities, Budd said, explaining that the attackers are not dialing in on specific targets.

“They do a mass attack, there are no specific targets as these websites are just a launch pad to perform their malicious attacks,” Budd said. “They are usually looking for an easy access, once they are inside they will try to level up the privileges to gain root access on the machine and therefore be able to [make] use of the BlackOS features, which is inject a malicious IFrames in all web pages.”

The posts advertising BlackOS in underground forums are written in Russian, according to the Trend Micro blog, which explains that the software costs $3,800 a year, or $100 a month for a budgeted version with basic configurations.

The BlackOS software is an updated version of the “Tale of the North” software, according to the blog.
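
As an added example (not from the article, Trend Micro, or BlackOS itself), the following defender-side audit shows how a site owner could check served pages for the symptom described above: IFrames pointing at hosts the site does not deliberately embed. The allowlist, host names, sample page, and the "hidden" heuristic are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site embeds on purpose; any other iframe host is reported.
ALLOWED_HOSTS = {"player.example-video.test"}

# Constructed sample page (not taken from any real site).
SAMPLE_PAGE = """<html><body>
<h1>Shop</h1>
<iframe src="https://player.example-video.test/embed/1" width="560" height="315"></iframe>
<iframe src="//cdn.redirector.invalid/in.php" width="1" height="1" style="visibility: hidden"></iframe>
<IFRAME SRC="/local/help.html"></IFRAME>
</body></html>"""


class IframeAudit(HTMLParser):
    """Collects every <iframe> whose src host is outside the allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__(convert_charrefs=True)
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # the parser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "").strip()).hostname or "").lower()
        if not host or host in self.allowed:
            return  # relative (same-site) source or an approved embed
        # Heuristic (assumption): near-invisible frames deserve priority review.
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        line, _ = self.getpos()
        self.findings.append({"line": line, "host": host, "hidden": hidden})


def audit_html(text, allowed_hosts=ALLOWED_HOSTS):
    """Return a list of findings for one HTML document."""
    parser = IframeAudit(allowed_hosts)
    parser.feed(text)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for finding in audit_html(SAMPLE_PAGE):
        print(finding)
```

Run against every page under the web root on a schedule, a new finding on a page that previously had none indicates that the page content changed outside the normal deployment process.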
