13 Ways Cyber Criminals Spread Malware

Security incidents where hackers distribute malicious code (malware) via spam, phishing, exploits and compromised websites are hitting the headlines all the time. However, not all cyber-criminals are super proficient in programming or have enough resources to buy exploits or rent spam botnets.

There are lots of petty crooks who would be happy to get a few dozen successful installs of their viruses. Having spent some time scouring darknet forums, we have identified and compiled 13 techniques for spreading malware, be it a data stealer, hidden miner, crypto ransomware, or just adware, that are used by low-profile black hat hackers. 

So, let’s get right to the point and cover the most common ways rogue players plant malicious programs on victims’ computers.

1. Micro Job Websites
These are online crowdsourcing platforms where hundreds of people perform various tasks for a small reward. The idea is prosaic: you post an assignment like “Download and install the file”, with a description saying you are a novice coder and want to test your software on different operating systems, which explains why you need users to launch it.

It’s preferable to add the file to a password-protected archive, upload it to Dropbox or Google Drive and provide the password in the assignment or indicate it in the name of the archive. 

This tactic will get you more victims, because users tend to trust services like Dropbox or Google Drive, thinking they are virus-free. That is true of the services themselves, but scanners cannot open a password-protected archive, so one with malware inside will even slip under the radar of VirusTotal at 0/67.

In this scenario, about 10 users per day may get on the hook. This method is the easiest and the most passive one. It requires low spending (about $5 for a start), and you will definitely get your money’s worth many times over.

2. Social Network Spam
This technique is a bit more complicated but it’s more effective in terms of the number of installs. It boils down to spamming different open groups on Facebook or other social media, posting catchy messages like, “Hey, here’s a private cheat for CS:GO/Minecraft/Warface, no ban for a month.” 

The wording has to be down-to-earth, with no overly smart phrases – just write as if you were interested in that subject yourself and really wanted to find the cheat someplace.

3. Another Method with Facebook
Create a run-of-the-mill profile of a businessman, fill out all the details, make a neat wall and get as many likes and comments as possible. The tactic of pretending to be a Bitcoin miner who makes a couple of grand a day has been working wonders lately. Be sure to post screenshots of how much you allegedly earn right on your wall.

The catch is, you’re supposedly selling a private mining program that brings up to $50 a day without any efforts. You need to be posting news and customer feedback with words of gratitude on a daily basis for about a week. And then, finally, you post something like, “On the occasion of 30 plus buys of my program, I’m making it publicly available. I’ll delete this post in a week, so hurry up and get your chance to make money the easy way.”

Then, imitate some hype in the comments, engage ads to bring traffic, keep making your page more popular, and voila, you get real installs.

4. YouTube Spam
When implemented right, this tactic can get you lots of installs. This is doable by commenting on cryptocurrency mining-themed videos or reviews of different game cheats. What you can do is post comments from dummy accounts, get a bunch of likes for your comments, and dislike everyone else’s. You can ensure a fair number of installs as long as you spend enough time doing this.

5. Fake Website/Watering Hole
This is one of the most effective ways to spread malware. It’s a no-brainer to create a site using WordPress, and it’s even easier to download or buy a turnkey script. Then, purchase ads on some channel with the right target audience and watch your installs soar. The only flip side is that you have to pay for the advertising.

6. Anonymous Chat Rooms
I’m pretty sure everyone knows what anonymous chat rooms are. Now then, they are a lucrative ecosystem for malware promotion. Oversexed individuals love these types of chats, so a message like, “Here’s a naked photo of my girlfriend, do you like it?” plus a hyperlink will do the trick. There is a bevy of potential victims there. All that’s left to do is find the target audience and spam it heavily.

7. Telegram Chats
What you are supposed to do is spam themed chat rooms on Telegram messenger, offering something that the users would most likely be interested in. In other words, if the chat is dedicated to crypto mining, peddling cheat codes for Minecraft in it is, obviously, a no-go.

A lot of Telegram chats are publicly accessible, and they boast a sizeable traffic volume. For instance, 1000 people will see your booby-trapped link along with the misleading description, 200 of them will peruse it and get interested, and 10-15 people will run the file.

8. Pushing a Viable Money-Making Scheme
Here’s how this one works: you come up with some sort of an online business model that’s not mainstream, and announce a recruitment campaign to get those interested on your team. Spend some time boosting comments, likes and reposts for this scheme on your blog or social network page, making it all look credible.

Then, you should buy ads on a “make money online” themed YouTube channel, telling its owner that you’re offering a great way to earn a pretty penny and asking them to spread the word about it. If this part works out, the channel will promote your page and lots of people will download the archive with the manual describing your model. 

What’s the catch? The folders inside that archive contain your malware, and some people will run it accidentally because it has a regular folder icon, or they will launch it because the manual tells them to. The profit is obvious in this case.

9. Distribution via Browser Games
These types of games are schoolkids’ favorites. Your plan is to find any browser game forum and start a thread about some kind of a contest. For example, type a game-related assignment in Notepad and announce a contest whose winner allegedly gets $25. Then, bundle your malware with that document and make sure the culprit has the icon of a text file. The kids will throw themselves into solving your task without having a clue that there’s a virus on board. Moreover, more responses will heat up the community’s interest.

10. Dating Sites
It’s simple: you exchange some appealing messages with a potential victim to build trust, and when the communication gets more intimate you send that person an archive with fake photos. One of the files inside the archive is your malware camouflaged as a picture. If your malicious program is an information stealer, you can thus get the prey’s logs and blackmail them.
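The archive tricks that run through points 1, 8, 9 and 10 (a password-protected archive no scanner can open, an executable wearing a folder, text-file or picture icon, a double extension) can be caught before anything is extracted. The triage script below is an added example, not code from the original article; it uses only Python’s standard zipfile module and a constructed sample archive whose “executables” are harmless 64-byte MZ stubs.

```python
import io
import zipfile

# Extensions Windows runs on double-click, whatever icon the file shows.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs",
             ".wsf", ".hta", ".lnk", ".msi"}
# Extensions the lures imitate: photos, manuals, contest tasks.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".pdf", ".doc", ".docx"}


def triage_zip(data: bytes) -> dict:
    """Map each suspicious ZIP entry to the reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1]
            exts = ["." + p.strip().lower() for p in base.split(".")[1:]]
            encrypted = bool(info.flag_bits & 0x1)
            reasons = []
            if encrypted:  # nothing can scan the payload until a human types the password
                reasons.append("password-protected entry")
            if exts and exts[-1] in EXEC_EXTS:
                reasons.append(f"executable type {exts[-1]}")
                if any(e in DECOY_EXTS for e in exts[:-1]):
                    reasons.append("double extension posing as a picture or document")
            if "   " in base:  # Explorer truncates long names, hiding the real extension
                reasons.append("whitespace-padded name")
            if not encrypted:
                with zf.open(info) as fh:
                    head = fh.read(2)
                if head == b"MZ" and not (exts and exts[-1] in EXEC_EXTS):
                    reasons.append("PE header under a non-executable name")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive; the 'executables' are MZ stubs, not programs."""
    stub = b"MZ" + b"\x00" * 62
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photos/photo1.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)  # real JPEG magic
        zf.writestr("photos/photo2.jpg                    .exe", stub)       # padded name
        zf.writestr("photos/photo3.png", stub)                               # PE named as a picture
        zf.writestr("manual/README.txt", b"Run Manual to get started\n")
        zf.writestr("manual/Manual.exe", stub)  # shows as "Manual" when known extensions are hidden
        zf.writestr("manual/Contest Task.txt.scr", stub)                     # text-file lure
    return buf.getvalue()
```

Mail gateways and download scanners that cannot open an encrypted archive should treat the “password-protected entry” finding as a reason to quarantine rather than as a clean result.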

11. Playing with Someone’s Feelings
Create a trustworthy-looking account of a pretty girl on a social network or dating site, wait for about a week so that the account doesn’t appear brand-new, inflate it with posts and boost the likes. Then, search for men aged 35-60 and select the ones whose status is “married”. Reach out to their wives, saying

“How come you don’t look after your husband at all? I’m going out with him every week, here’s a video proof of what we do. You’d better not watch it if you’re touchy.” 

Most victims will get curious enough to click on that link, which means you get new installs.

12. Dark Web Forums
Sign up with one of these resources and create a new topic saying something like, “Dumping a killer scheme to make money, it’s being sold on another forum for $200, contact me via Telegram.” Wait for those interested to show up and send them the document bundled with malware. Use your data stealer to access their profiles, create similar topics on their behalf and simulate some positive feedback for your post. This way, you will keep making victims until forum admins ban everyone who ran the bad code.

13. The Most Profitable Method
It’s somewhat harder to pull off than the rest, though. Go to a crypto mining forum and find the software section. Spot an appropriate thread, copy the entire text and all the pictures, and then translate it into Spanish, German and French. Google Translate will do the trick. 

Then, find major mining forums in these foreign countries and create topics with the translation as if you were presenting new software that prevents your mining farm from overheating. Be sure to provide a link to the purported software at the end of the posts, preferably a direct one leading to GitHub. That’s it. This is the best target audience for a data stealer.

Now that you are aware of the core steps cyber criminals use to spread malware, you are better placed to stay secure online and not fall for such methods. Also, check out HackRead's seven ways in which a USB stick could become a security risk for your device.

HackRead
