Malware service providers arrested

The malware encryption service run by a Romanian duo based in Craiova and Bucharest helped hackers embed malicious code in legitimate software to bypass antivirus tools.

The pair ran online malware encryption services, also known as crypting services, dubbed CyberSeal and Dataprotector. These services were offered to cybercriminals to encrypt the computer code in malware, including information stealers, Remote Access Trojans, and ransomware, to help cybercriminals launch attacks successfully.

The pair also offered the Cyberscan service, through which their cybercriminal clients could test their malware against antivirus (AV) programs. Malware authors used these services to wrap their payloads in encryption shells to bypass most AV tools.

Over 1560 cybercriminals purchased these services and improved 3000 malware strains for sophisticated attacks. For testing samples against AV scanners, the operators demanded $7 to $40, and for the actual crypting services, they asked for $40 to $300, varying with the requirements.

By purchasing these services, cybercriminals could embed and hide their malware in legitimate software and circulate it to unsuspecting users. Cyberscan allowed attackers to test their malware strains against AV tools.

The duo had been offering crypting services since 2010. They launched the CyberSeal service in 2014 and Dataprotector in 2015. The Cyberscan service was comparatively new, as it was launched in 2019.

Romanian police obtained search warrants to locate the suspects. The police raided four homes, including the suspects' houses in Craiova and Bucharest, and discovered back-end servers in Romania, the USA, and Norway. The CyberSeal (cyber-seal.org) and Cyberscan (cyberscan.org) websites are now offline.