13 Ways Cyber Criminals Spread Malware

13 Ways Cyber Criminals Spread Malware
A computer virus detection symbol illustration, fractal artwork

Security incidents where hackers distribute malicious code (malware) via spam, phishing, exploits and compromised websites are hitting the headlines all the time. However, not all cybercriminals are super proficient in programming or have enough resources to buy exploits or rent spam botnets. There are lots of petty crooks who would be happy to get a few dozen successful installs of their viruses.

Having spent some time scouring darknet forums, I have identified and compiled 13 techniques for spreading malware – be it a data stealer, hidden miner, crypto ransomware, or just adware. – that are used by low-profile black hat hackers. So, let’s get right to the point and cover the most common ways rogue players deposit perpetrating programs on victims’ computers.

1. Micro job websites

These are online crowdsourcing platforms where hundreds of people perform various tasks for a small reward. The idea is prosaic: you post an assignment like “Download and install the file”, with a description saying you are a beginning coder and want to test your software on different operating systems, which explains why you need users to launch it.

It’s preferable to add the file to a password-protected archive, upload it to Dropbox or Google Drive and provide the password in the assignment or indicate it in the name of the archive. This tactic will get you more victims, because users tend to trust services like Dropbox or Google Drive, thinking they are virus-free – which is true, but a password-protected archive with malware inside will even slip under the radar of VirusTotal at 0/67.

In this scenario, about 10 users per day may get on the hook. This method is the easiest and the most passive one. It requires low spending (about $5 for a start), and you will definitely get the bang for that buck multiple times.

Basic OPSEC applies here (as well as all other methods described below) – use TOR + best VPNs, pay with cryptocurrencies, desirably Monero.

2. Social network spam

This technique is a bit more complicated but it’s more effective in terms of the number of installs. It boils down to spamming different open groups on Facebook or other social media, posting catchy messages like, “Hey, here’s a private cheat for CS:GO/Minecraft/Warface, no ban for a month.” The wording has to be down-to-earth, with no overly smart phrases – just write as if you were interested in that subject yourself and really wanted to find the cheat someplace.

3. Another method with Facebook

Create a run-of-the-mill profile of a businessman, fill out all the details, make a neat wall and get as many likes and comments as possible. The tactic of pretending to be a Bitcoin miner who makes a couple of grand a day has been working wonders lately. Be sure to post screenshots of how much you allegedly earn right on your wall.

The catch is, you’re supposedly selling a private mining program that brings up to $50 a day without any efforts. You need to be posting news and customer feedback with words of gratitude on a daily basis for about a week. And then, finally, you post something like, “On the occasion of 30 plus buys of my program, I’m making it publicly available. I’ll delete this post in a week, so hurry up and get your chance to make money the easy way.”

Then, imitate some hype in the comments, engage ads to bring traffic, keep making your page more popular – and voila, you get real installs.

4. YouTube spam

When implemented right, this tactic can get you lots of installs. This is doable by commenting cryptocurrency mining-themed videos or reviews of different game cheats. What you can do is post comments from dummy accounts, get a bunch of likes for your comments, and dislike everyone else’s. You can ensure a fair number of installs as long as you spend enough time doing this.

5. Fake website/Watering hole

This is one of the most effective ways to spread malware. It’s a no-brainer to create a site using WordPress, and it’s even easier to download or buy a turnkey script. Then, purchase ads on some channel with the right target audience and watch your installs soar. The only flip side is that you have to pay for the advertising.

6. Anonymous chat rooms

I’m pretty sure everyone knows what anonymous chat rooms are. Now then, they are a lucrative ecosystem for malware promotion. Oversexed individuals love these types of chats, so a message like, “Here’s a naked photo of my girlfriend, do you like it?” plus a hyperlink will do the trick. There is a bevy of potential victims there. All that’s left to do is find the target audience and spam it heavily.

7. Telegram chats

What you are supposed to do is spam themed chat rooms on Telegram messenger, offering something that the users would most likely be interested in. In other words, if the chat is dedicated to crypto mining, peddling cheat codes for Minecraft in it is, obviously, a no-go.

A lot of Telegram chats are publicly accessible, and they boast a sizeable traffic volume. For instance, 1000 people will see your booby-trapped link along with the misleading description, 200 of them will peruse it and get interested, and 10-15 people will run the file.

8. Pushing a viable moneymaking scheme

Here’s how this one works: you come up with some sort of an online business model that’s not mainstream, and announce a recruitment campaign to get those interested on your team. Spend some time boosting comments, likes and reposts for this scheme on your blog or social network page, making it all look credible.

Then, you should buy ads on a “make money online” themed YouTube channel, telling its owner that you’re offering a great way to earn a pretty penny and asking them to spread the word about it. If this part works out, the channel will promote your page and lots of people will download the archive with the manual describing your model. What’s the catch? The folders inside that archive contain your malware, and some people will run it accidentally because it has a regular folder icon, or they will launch it because the manual tells them to. The profit is obvious in this case.

9. Distribution via browser games

These types of games are schoolkids’ favorites. Your plan is to find any browser game forum and start a thread about some kind of a contest. For example, type a game-related assignment in Notepad and announce a contest whose winner allegedly gets $25. Then, bundle your malware with that document and make sure the culprit has an icon of a text file. The kids will go off at full score trying to solve your task without having a clue that there’s a virus on board. Moreover, more responses will heat up the community’s interest.

10. Dating sites

It’s simple: you exchange some appealing messages with a potential victim to build trust, and when the communication gets more intimate you send that person an archive with fake photos. One of the files inside the archive is your malware camouflaged as a picture. If your malicious program is an information stealer, you can thus get the prey’s logs and blackmail them.

11. Playing with someone’s feelings

Create a trustworthy-looking account of a pretty girl on a social network or dating site, wait for about a week so that the account doesn’t appear brand-new, inflate it with posts and boost the likes. Then, search for men aged 35-60 and select the ones whose status is “married”. Reach out to their wives, saying “How come you don’t look after your husband at all? I’m going out with him every week, here’s a video proof of what we do. You’d better not watch it if you’re touchy.” Most victims will get curious enough to click on that link, which means you get new installs.

12. Dark web forums

Sign up with one of these resources and create a new topic saying something like, “Dumping a killer scheme to make money, it’s being sold on another forum for $200 – contact me via Telegram.” Wait for those interested to show up and send them the document bundled with malware. Use your data stealer to access their profiles, create similar topics on their behalf and simulate some positive feedback for your post. This way, you will keep making victims until forum admins ban everyone who ran the bad code.

13. The most profitable method

It’s somewhat harder to pull off than the rest, though. Go to a crypto mining forum and find the software section. Spot an appropriate thread, copy the entire text and all the pictures, and then translate it into Spanish, German and French. Google Translate will do the trick.

Then, find major mining forums in these foreign countries and create topics with the translation as if you were presenting new software that prevents your mining farm from overheating. Be sure to provide a link to the purported software at the end of the posts, preferably a direct one leading to GitHub. That’s it. This is the best target audience for a data stealer.

Now that you are aware of the core steps used by cybercriminals to spread malware I hope this will help you to be secure online and don’t fall for such methods. Also, don’t forget to check these seven ways in which a USB stick could become a security risk for your device.

Related Posts