According to Avast, a digital protection and privacy company, a community of minors has been building, sharing, and distributing viruses, including ransomware, malware and other information stealers, online.
Avast claims the community attracts young people by advertising access to malware builders and toolkits that allow novices to create malware easily.
People must pay to join the group in some instances, and in others, the tool is provided for $7 to $37.
It’s used to distribute malware families such as Lunar, Snatch, and Rift on Discord servers as a group discussion forum as part of the malware-as-a-service trend.
“The discussion boards unveil that kids revealed their ages, discussed the idea of hacking teachers and their school systems and mentioned their parents in conversations. Findings show the ages of participants vary from 11 to 18-year-olds.” says Avast
A Discord group dedicated to the sale of Lunar had over 1,500 users, of which about 60-100 were client roles, indicating that they had paid for the builder. According to the company, a wide range of malwares are being traded among teenagers and adults that contain password and private information stealing, cryptomining, and even ransomware.
If a client buys a builder tool and uses it to steal data, the sample will send the stolen data to the client that created and distributed it. A client can also create a ransomware sample, which will ask the victim to send money to the client’s crypto wallet.
Pranking others by destroying Fortnite and Minecraft folders, as well as repeatedly opening a web browser containing adult content, are among the prominent features.
Avast Malware Researcher Jan Holman says malware builders provide an affordable and easy way to hack someone and brag about it to peers, and even a way to make money through ransomware, crypto mining and the sale of user data,
“These communities may be attractive to children and teens because hacking is seen as cool and fun.“
“However, these activities aren’t harmless, they are criminal. They can have significant personal and legal consequences, especially if children expose their own and their families identities online or if the purchased malware actually infects the kids computer, leaving their families vulnerable by letting them use the affected device. Their data, including online accounts and bank details, can be leaked to cybercriminals,” says Holman
Clients use YouTube to market and distribute malware
According to Avast, some clients use YouTube to advertise and distribute malware after purchasing and compiling individualised malware samples. Researchers at the company have seen clients create YouTube videos describing cracked games or game cheats, which they then link to. However, the URL leads to their malware rather than information.
Holman added the technique is quite insidious, because instead of fake accounts and bots, real people are used to upvote harmful content.
Avast discovered that although group members supported each other with cybercrime, there was also information and money stealing, and conversations became quite hostile.
The online security software company claims that they informed Discord about these groups, and Discord confirmed that they took action to address these types of groups and banned the servers associated with Avast’s findings.
A considerable amount of, instability, and bullying between users fighting for the most cutthroat competition, which included appropriating someone else’s codebase and slandering them, was observed.
Discord provided Avast with tips on how parents can help their children set up their accounts to avoid receiving messages from unfamiliar people. The Discord blog provides more safety advice for parents.