Understanding Crypter-as-a-Service in a Popular Underground Marketplace
Published in | 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) pp. 85 - 90 |
---|---|
Main Authors | , |
Format | Conference Proceeding |
Language | English |
Published | IEEE, 08.07.2024 |
Summary: | Crypters are pieces of software whose main goal is to transform a target binary so it can avoid detection from Anti-Virus applications (AVs from now on). They work similarly to packers, by taking a malware binary $M$ and applying a series of modifications, obfuscations and encryptions to output a binary $M^{\prime}$ that evades one or more AVs. The goal is to remain fully undetected, or FUD in the hacking jargon, while maintaining its (often malicious) functionality. The Crypter-as-a-Service model is a popular activity among the commoditization in cybercrime, due to the increased sophistication of detection mechanisms. In this business model, customers receive an initial crypter which is soon updated once it becomes detected by anti-viruses. This paper provides the first study on an online underground market dedicated to Crypter-as-a-Service. We compare the most relevant products on sale, analyzing the existing social network on the platform and comparing the different features that they provide. |
---|---|
ISSN: | 2768-0657 |
DOI: | 10.1109/EuroSPW61312.2024.00016 |