F-Scrack-Mimikatz shows how cybercrime requires little ability to write computer code – all you have to do is put together malware tools
Creating malware that is capable of making money takes little to no ability to write original computer code, recent research by Avast has shown. All that’s needed is the ability to bundle existing tools together using publicly available snippets of code.
The campaign Avast threat researchers analyzed is not unique, and is long inactive. But a patient study of the campaign – which you can read in full on Avast’s new tech blog, Decoded – shows how easy it is to become a cybercriminal today.
We named the malware F-Scrack-mimikatz because of its similarity to the password-scanner F-Scrack and its use of the password-stealer Mimikatz. The malware takes advantage of a computer’s poor security to access databases and ultimately demand a ransom or to run a coinminer depending on the target it infected.
Considering the damage that can be done by invasive malware and ransomware, the ease with which criminals can access these tools is alarming. It’s also very instructive to cybersecurity professionals who, in studying these tools can gain insights into stopping them.
Sextortion email scams are unsettling and can have serious real-world consequences. Read up on several prominent sextortion email campaigns and how to react to them.
Avast Threat Intelligence has identified a new advanced persistent threats (APT) campaign targeting government agencies and a government data center in Mongolia.