Invision Power Services has been breached! Thanatos on forums

Thanatos at IPS. Researchers at SurfWatch Labs have been able to stop a malware developer who wanted to breach thousands of forums and websites hosted on the infrastructure of Invision Power Services, the company that develops the IP.Board forum software known as the IPS Community Suite.

The plan belonged to the malware developer known as AlphaLeon, who at the beginning of March of this year started selling a new trojan which he has named Thanatos.

The malicious software was offered as a MaaS (Malware-as-a-Service) platform.

In order to increase the size of the Thanatos botnet and make it more effective, AlphaLeon had to find a way to deliver the trojan to as many users as possible. To that end, he devised a plan and began carrying it out.

He began looking for vulnerabilities and exploits for the Invision Power Services (IPS) infrastructure, which offers its IPS Community Suite software as a hosting platform running on AWS (Amazon Web Services) servers.

When the hacker gained access to the IPS servers, he installed an exploit kit which began to automatically infect website visitors with the Thanatos trojan. The malware found its way onto its victims' systems via old program versions or plugins.

IPS clients include major corporations such as Evernote, the NHL, The Group, Bethesda Softworks, and LiveNation. In addition to the classic IP.Board forums, IPS allows customers to create e-commerce stores.

AlphaLeon's plan was abruptly disrupted when the security company SurfWatch Labs learned of his intentions while snooping on the dark web. Researchers contacted IPS, which was unaware of the hacker's breach, discovered the entry point, and closed the security gap. The incident occurred in early April, and IPS is still in the process of investigating the breach.

According to the most recent ads for Thanatos on the dark web, the trojan, which at the beginning of March was only a powerful banking trojan, has now been updated with additional features in the form of add-on modules.

These modules allow clients of the Thanatos botnet to launch DDoS attacks, distribute ransomware, access the victim's camera, steal Bitcoin, send spam, and steal passwords.

blog.surfwatchlabs.com

iGuRu.gr The Best Technology Site in Greece

Written by Dimitris
