Understanding Crypter-as-a-Service in a Popular Underground Marketplace

Bibliographic Details
Published in: 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 85-90
Main Authors: De La Cruz Alvarado, Alejandro; Portillo, Sergio Pastrana
Format: Conference Proceeding
Language: English
Published: IEEE 08.07.2024
Summary: Crypters are pieces of software whose main goal is to transform a target binary so it can avoid detection from Anti Viruses (AVs from now on) applications. They work similarly to packers, by taking a malware binary M and applying a series of modifications, obfuscations and encryptions to output a binary M′ that evades one or more AVs. The goal is to remain fully undetected, or FUD in the hacking jargon, while maintaining its (often malicious) functionality. The Crypter-as-a-Service model is a popular activity among the commoditization in cybercrime, due to the increased sophistication of detection mechanisms. In this business model, customers receive an initial crypter which is soon updated once it becomes detected by anti-viruses. This paper provides the first study on an online underground market dedicated to Crypter-as-a-Service. We compare the most relevant products on sale, analyzing the existent social network on the platform and comparing the different features that they provide.
ISSN: 2768-0657
DOI: 10.1109/EuroSPW61312.2024.00016