Hackers and malware developers are usually focused on infecting regular users. That’s their main “niche”, however, they also spread viruses, spyware, keystroke loggers and other malicious tools to other cybercriminals. As all gangster movies show, there’s no code of honor criminals won’t break. It’s true for regular crooks, and it’s true for cybercriminals. There’s a lot of infighting among the malicious software community, as the recent Pahan case shows.
Details of the Pahan Infections
A little background info is necessary to explain the Pahan hackings. Developers of malware (ransomware, viruses, and other types of malicious content) communicate with each other on underground forums. There they exchange ideas, code, sell data, pretty much anything bad you can think of on the Internet can be found on these forums.
“Leakforums” is one of the biggest sites for this kind of information sharing. The hacker entity bearing the usernames “pahan12” or “pahan123” started offering a RAT (remote access tool) called SLICK RAT. Some crooks took up the offer and downloaded the tool, only to get infected with KeyBase, which stole their information instead.
Pahan has pulled this trick multiple times, with other malicious tools that ended up infecting the crooks who downloaded them. Aegis Crypte, a malware scrambling tool r is another of Pahan’s products. He offered it in November 2015. Aegis Crypte contained the virus, Troj/RxBot, a Trojan that also had RAT capabilities .
Another product released by Pahan is the KeyBase tool, used to generate keylogger files. The program was released in March 2016. By now you can probably guess that KeyBase also contained a virus, the same Trojan as Aegis Crypte.
The hacks were reported by Sophos. Heres a picture of the SLICK RAT:
Why Would Pahan Do This?
Hackers would hack other hackers for the same reason they would hack normal people – personal gain. All spyware aims to steal confidential information, and cybercriminals have it in spares. The specific goals of Pahan are unclear, though it’s almost certain that he’s after the malware development data of his fellow crooks.
The main victims of the Pahan hackings are likely to be the more inexperienced crooks that lack the necessary technical skills to develop their own tools. Nowadays, few cybercriminals make their viruses from scratch, they use ready-made content like EDA2 ransomware code . Most crooks aren’t competent enough to know how their tools work. We’ll let you decide if that’s good or bad.
Pahan’s software is most likely to infect these lower tier hackers and malware users. The more seasoned cybercriminals won’t fall for such a simple trick. Every user should know better than to download content from shady looking websites and it’s funny that the crooks responsible for putting viruses on the Web fell for their own tricks.
The Ransomware Economy
Ransomware crooks made tons of money in 2016. However, the worst is yet to come. Ransomware viruses are ost active in the later parts of the year. The newest version of Cerber is already available, and that’s not the end of it. As you can see by browsing our site, notable ransomware viruses pop up every week. The situation is likely going to get much worse before it gets better.