Tox: the first Ransomware-as-a-service free

Tox and you can create your own Ransomware! THE φέρεται να αποκάλυψε ένα πρωτότυπο κακόβουλο (malware) that acts as a Service! The first Ransomware-as-a-service called Tox is a fact! The amazing thing is that Tox is distributed .tox

McAfee Labs researchers discovered Tox on May 19 while surfing the Dark Web. According to the company updated on May 21st with FAQs and improved design. The core hasn't changed.

Highlights:

Tox is free. You just have to sign up for the site.
Tox uses TOR and Bitcoin. This allows some degree of anonymity.
Malicious software works as it advertises.

But how does a Ransomware-as-a-service work, and in particular the Tox?config screen

Once you register on the web of “”, you can create your own malware in three simple steps.

  • Enter the ransom amount, the website gets 20% of the ransom you will request.
  • Enter "your cause." You should state why you locked the victim's computer (piracy, browsing adult sites, possession of pornographic material, etc.)
  • Add captcha characters and you're ready.

This process creates an executable of about 2MB disguised as a .scr file. Then Tox "clients" can start distributing the malware as they wish. The Tox website (from the TOR network) will monitor the facilities as well as the profits. To earn your profits, after paying the commission, you must have a Bitcoin address.

Malicious software will encrypt all the data of its victims and ask for ransom.

Technical information

Although easy to use and functional, the malware seems to lack sophistication and effectiveness in . The developer or developers seem to have left many strings that can lead to their detection.

Examples:

  • C: / Users /Swogo/Desktop/work/tox/cryptopp/secblock.h
  • C: / Users /Swogo/Desktop/work/tox/cryptopp/filters.h
  • C: / Users /Swogo/Desktop/work/tox/cryptopp/cryptlib.h
  • C: / Users /Swogo/Desktop/work/tox/cryptopp/simple.h

The malware created by Tox has been compiled with MinGW and uses AES encryption with Crypto ++ library. Microsoft CryptoAPI is used to generate keys.

We do not expect Tox to be the latest malware to embrace this model. We also expect more specialized development and changes in encryption and tax evasion techniques.

We would like to thank Alexander Matrosov of the Intel Advanced Threat Research Group for his help with she.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).