I hinted at this piece earlier this week, in a rant about the relatively few evil code wizards who are really good at making malware look harmless to security software, and why it makes sense to look at them more closely.

Why Malware Crypting Services Deserve More Scrutiny

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. In fact, the process of “crypting” malware is sufficiently complex and time-consuming that most serious cybercrooks will outsource this critical function to a handful of trusted third parties. This story explores the history and identity behind Cryptor[.]biz, a long-running crypting service that is trusted by some of the biggest names in cybercrime.

More here:
https://krebsonsecurity.com/2023/06/why-malware-crypting-services-deserve-more-scrutiny/

@briankrebs Top sleuthing as ever. And as you say, it could be a networking goldmine.
@briankrebs Really interesting read, Brian. Opsec is only as good as its weakest link, and it seems like you found several potential slip-ups. Makes me wonder whether LE will (or already do) view the site as a potential honeypot target. Did you notice any indications of a dead-man canary/switch that would tip off customers or co-conspirators?

@briankrebs I did that a few years ago for a social engineering engagement, probably still works. I'll give you a tour if you want.

https://github.com/lockfale/DotNetAVBypass-Master