We have malware-as-a-service and ransomware-as-a-service, now get ready for Dropper-as-a-Service (DaaS). Cybercriminals are an ambitious breed and to maximize their profits, they are leveraging DaaS to proliferate their malware across thousands of computers.
What can DaaS do?
This service allows newbie threat actors to have their malware distributed to targets via droppers.
These droppers impersonate pirated or real apps that the victims are tricked into downloading.
Research by Sophos discovered that a network of websites is acting as a DaaS. The service is relatively cheap and some of them charge as low as $2 for 1,000 malware installs.
Why this matters
The scheme has been found to be dropping multiple kinds of malware based on time and locations. Some droppers acted as both infostealer and DaaS.
The DaaS business model is hugely reliant on cryptocurrency fraud and stolen credentials markets.
While the website networks have been around for a while, they are still relevant because of the corresponding market dynamics. The service includes every aspect of dropping malware into a target’s PC, with little to no skill required from the customer.
Ray of sunshine
Almost all the droppers are easily identified. However, since they come in encrypted archives, they cannot be detected unless unpacked.
The bottom line
As the X-as-a-service business model has gradually gained traction, malware developers are milking the trend to achieve even more financial gains. The behaviors and signatures emitted by the malware droppers can be detected in a corporate environment. Therefore, it is time to get away from the lure of getting cracked software to cut some costs.