
How the Two Accused Hackers Bypassed Antivirus Software

by CISOCONNECT Bureau

Recently, two individuals have been arrested by the Romanian police force for malware development and administration. Read on to know more…

Recently, two Romanian suspects have been arrested for allegedly running the CyberSeal and Dataprotector crypting services, which are used to evade antivirus detection. These services have been purchased by more than 1560 criminals and used to crypt several different types of malware, including Remote Access Trojans, information stealers and ransomware.

The two suspects also operated the CyberScan service, which allowed their clients to test their malware against antivirus tools. The services under investigation are the CyberSeal and Dataprotector crypters and CyberScan; all three are used to evade antivirus detection.

Modus Operandi
Antivirus products are reasonably strong and hard to bypass, yet threat actors still rely on a very common method: crypters. A crypter encrypts or otherwise hides the underlying code in a piece of software, typically malware, so that it masquerades as something harmless until it gets installed on a victim's computer.

The services provided by these two suspects fall under this category and have been offered for sale in the underground criminal market since 2010.
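From the defender's side, the effect described above has a measurable side-effect: a crypted payload replaces recognisable code with encrypted data, and encrypted data has near-maximal byte entropy. The following is an added example (not code from the article or from the services it describes) that scores a buffer window by window with Shannon entropy and flags likely crypted files; the samples are constructed, and the 512-byte window, 7.0-bit threshold and 50% fraction are assumed tuning values.

```python
import math
from collections import Counter
from hashlib import sha256

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def high_entropy_windows(data: bytes, window: int = 512, threshold: float = 7.0):
    """(offset, entropy) for each full window at or above the threshold.
    Encrypted/compressed data is near-uniform (close to 8.0); plain code and
    text usually stay well below 7.0. Window and threshold are assumed values."""
    hits = []
    for off in range(0, len(data) - window + 1, window):
        ent = shannon_entropy(data[off:off + window])
        if ent >= threshold:
            hits.append((off, round(ent, 2)))
    return hits

def looks_crypted(data: bytes, window: int = 512, threshold: float = 7.0,
                  min_fraction: float = 0.5) -> bool:
    """Flag a buffer when at least min_fraction of its windows are high-entropy."""
    total = len(data) // window
    if total == 0:
        return False
    return len(high_entropy_windows(data, window, threshold)) / total >= min_fraction

def pseudo_random_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic stand-in for an encrypted payload (SHA-256 chain, constructed)."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = sha256(block).digest()
        out += block
    return bytes(out[:n])

# Constructed samples: a low-entropy DOS-stub-like header; a "plain" file that
# is just that header repeated; a "crypted" file with an encrypted-looking body.
STUB = (b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode.\r\n$").ljust(512, b"\x00")
PLAIN_SAMPLE = STUB * 4
CRYPTED_SAMPLE = STUB + pseudo_random_bytes(4096)

if __name__ == "__main__":
    for name, buf in (("plain", PLAIN_SAMPLE), ("crypted", CRYPTED_SAMPLE)):
        print(name, looks_crypted(buf), high_entropy_windows(buf)[:2])
```

Entropy alone is a heuristic, not a verdict: legitimately compressed or signed installers also score high, so in practice this is one triage signal alongside others.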

According to the reports, clients paid US$40 to US$300 for these crypting services, depending on the license conditions. The operators also offered a Counter Antivirus platform, allowing criminals to test their malware samples against antivirus software until the malware became fully undetectable (FUD). All of these services were well structured and offered automatic updates and customer assistance to their clients.

Joint Operations
The arrest of the two operators is part of a joint operation involving law enforcement agencies from several countries. The operation was led by the Romanian Police (Poliția Română) together with the United States Federal Bureau of Investigation (FBI), the Australian Federal Police (AFP), the Norwegian National Criminal Investigation Service (Kripos) and Europol. It was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).

Europol's European Cybercrime Centre (EC3) supported the operation throughout, facilitating the exchange of information and providing forensic, malware and operational analysis in support of the action. During the action day, a virtual command post was set up by Europol, allowing the real-time exchange of information between all involved countries so that the operational strategy could be adjusted as required.
