After a closer inspection of the discussion, researchers concluded that the group consisted of mostly minors, as they kept mentioning their parents and teachers, as well as throwing various age-related insults at each other.
To join the group, and essentially become the user of the malware-as-a-service, one must pay a fee, which ranges from anywhere between €5 and €25. Avast says up to 100 accounts have paid to access one such group.
Trickery and deception
The group in question builds and exchanges various types of malware, including those with password-stealing capabilities, infostealers, those capable of mining various cryptocurrencies for the attackers, and in some cases, even running ransomware attacks.
When it comes to distributing the malware, the process is more-or-less the usual, with a little twist. The crooks create a YouTube video, demonstrating a crack for commercial software or a popular computer game, and include a download link for the fake crack in the description.
To help build authenticity, other members of the Discord group then add comments to the video, thanking the author for their contribution and “confirming” that the file on the download link is actually legitimate.
This, Avast claims, is a lot more sinister, compared to the usual practice of using bots to add comments, as it’s almost impossible to detect fraud when genuine accounts support a video.
Spreading ransomware, infostealers, and other malware might be an illegal, malicious practice, but with this group, in many instances, it’s all perceived as pranking, Avast concluded.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.