Threat Management, Malware

Scammer turned ‘cybercriminal’ asks Damballa for help installing Pony Loader

Oops! Wrong number. Or rather, wrong website. A man believed to be a “wannabe cybercriminal” mistook recent Damballa research on Pony Loader “as a sales pitch” and queried the company, looking to buy the malware and get help installing it.

“If I buy Pony Loader, you support to install or not?” the query read.

Not content to just reject the request, researchers at Damballa did a little sleuthing of their own using the information provided by the potential “customer” and discovered that darknetshop is a Thailand-based online blog that sells goods like smartphones and laptops. Its proprietor, Waipot Sompa, is a scammer from way back but ultimately “doesn't strike us as someone who has the technical knowledge to use and install crimeware,” according to a Damballa blog post, penned by a senior threat researcher at the company, Loucif Kharouni, and emailed to Friday.

Underscoring that Damballa isn't a cyberbroker, Kharouni said, “Please take note, Damballa does NOT sell exploits nor do we provide support or install, au contraire: We help enterprises in the battle against cyber criminals who have compromised their network.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.