Thanatos at IPS. Researchers at SurfWatch Labs have been able to stop a developer who wanted to breach thousands of forums and websites hosted on Invision Power Services's infrastructure to develop the IP.Board forum software known as the IPS Community Suite.
The malware plan was known as AlphaLeon for the plan to violate the platform. AlphaLeon since the beginning of March this year has begun selling a new trojan that has named it Death or Thanatos.
Malicious software was hacked as a MaaS platform (Malware-as-a-Service).
In order to increase the size of the Thanatos botnet and be more effective, AlphaLeon had to find a way to deliver the trojan to as many users as possible. For this purpose, he devised a plan and started with his realization.
She began looking for vulnerabilities and exploits for the Invision Power Services (IPS) infrastructure, which has its IPS Community Suite software as a hosting platform running on AWS (Amazon Web Services) servers.
When the hacker gained access to the IPS servers, he installed it exploit kit which started automatically infecting website visitors with the Thanatos trojan. The malware was finding its way to its victims' systems via old versions browser or program plugins tours.
IPS clients include large Companies όπως η Evernote, το NHL, ο Όμιλος Warner Music, η Bethesda Softworks, και η LiveNation, καθώς εκτός από το κλασικό IP.Board forums, η IPS επιτρέπει στους πελάτες να δημιουργήσουν καταστήματα ηλεκτρονικού εμπορίου.
AlphaLeon's plan was abruptly disrupted when the SurfWatch Labs security company understood its intentions while sneaking into Dark Web. Researchers contacted IPS, who was unaware of the hacker's violation, discovered the entry point, and closed the security gap. The incident occurred in early April, and IPS is still in the process of investigating the violation.
According to Thanatos' most recent ads on Dark Web, the trojan, which at the beginning of March was only a powerful banking trojan, has now been updated with additional features in the form of add-on modules.
These modules allow Thanatos botnet customers to launch DDoS attacks, distribute ransomware, access the victim's webcam, steal Bitcoin, send spam, and steal passwords.
