Tox and you can create your own ransomware! McAfee has reportedly uncovered a prototype malware that works like Service! Το πρώτο Ransomware-as-a-service με το όνομα Τox είναι γεγονός! Το εκπληκτικό είναι ότι το Τox διανέμεται δωρεάν.
McAfee Labs researchers discovered Tox on May 19 while surfing in Dark web. According to the company, the malware was updated on May 21 with FAQs and improved design. The core has not changed.
Highlights:
Tox is free. You just have to sign up for the site.
Tox uses TOR and Bitcoin. This allows some degree of anonymity.
Malicious software works as it advertises.
But how does a Ransomware-as-a-service work, and in particular the Tox?
Once you register on the website of “producttos", you can create your own malware in three simple steps.
- Enter the ransom amount, the website takes a commission of 20% of the ransom that you will ask for.
- Type “your reason.” You should write down why you locked him computer of the victim (piracy, browsing adult sites, possession of pornographic material, etc.)
- Add captcha characters and you're ready.
This process creates an executable of about 2MB disguised as a .scr file. Then Tox "clients" can start distributing the malware as they wish. The Tox website (from the TOR network) will monitor the facilities as well as the profits. To earn your profits, after paying the commission, you must have a Bitcoin address.
Malicious software will encrypt all the data of its victims and ask for ransom.
Technical information
Although handy and functional, malware seems to lack complexity and effectiveness in the code. The developer or developers seem to have left many strings that can lead to their localization.
Examples:
- C: / Users /Swogo/Desktop/work/tox/cryptopp/secblock.h
- C: / Users /Swogo/Desktop/work/tox/cryptopp/filters.h
- C: / Users /Swogo/Desktop/work/tox/cryptopp/cryptlib.h
- C: / Users /Swogo/Desktop/work/tox/cryptopp/simple.h
The malware created by Tox has been compiled with MinGW and uses AES encryption with Crypto ++ library. Microsoft CryptoAPI is used to generate keys.
We do not expect Tox to be the latest malware to embrace this model. We also expect more specialized development and changes in encryption and tax evasion techniques.
We want to thank Intel Matrosov's Advanced Threat Research Team for his help with this research.