This news is more about script kiddies. We mean the "hackers" who carry out hacking with third-party tools…
A hacker who uses as an alias, Pahan began infecting other hackers with various malware, apparently for his own benefit.
You know that the internet is full of "hacking forums" where hacking tools and guides are traded. These are the places where you can find various already malware and exploits, by cyber-criminals who develop or modify them. Meanwhile all these forums are under close scrutiny by various security companies and obviously by the authorities.
So, according to a Sophos publication, a hacker develops tools that target other hackers.
Using the aliases Pahan, Pahan12, Pahan123, or Pahann, this person has promoted his hacking tools to various hacking forums, and Sophos has discovered that all of the tools available to that user are infected with malicious software.
Its tools include keyloggers that intercept passwords and hijack malware/botnet control panels.
Sophos has already mentioned three such cases.
The first is on a hacking forum where Pahan provided a free download of Aegis Crypter, a tool that performs obfuscating and malicious applications by anti-virus scanners. According to Sophos, this tool was infected with the RxBot trojan.
In the second incident (March of 2016), Pahan, using the pseudonym Pahann, sold a version of KeyBase keylogger that infected his buyers with COM Surrogate malware, which then lowers RxBot, a Trojan that enslaves computers within a botnet.
In the last incident (July of 2016) Pahan, using the name Pahan12, offered a free version of the Remote Access Trojan (PHP RAT) called SLICK RAT. Sophos researcher Gabor Szapannos reports that SLICK RAT infects his victims with the KeyBase Keylogger, which collects passwords and sends them back to Pahan.
At present, it is not known how many wannabe hackers are infected with the malware distributed by Pahan.
