In a previous blog post we talked about malware writers copying the marketing styles and delivery systems of mainstream software companies.  In today’s post, we’ll look at one popular malware product that has been seeing heavy use lately: FormBook.  It’s offered on the Dark Web either as a software-as-a-service rental or as an outright purchase, whichever the customer prefers.  Would-be hackers can rent the program for as little as $29 per week.

What can it do?

First and foremost, FormBook is a data stealer.  It includes a keylogger that captures the login names and passwords you type into any of the web sites you use.  It can snatch whatever data your system is holding on the clipboard.  It can grab HTTP/HTTPS/SPDY/HTTP2 form submissions and network requests processed on an infected computer; because the capture happens on the infected machine itself, before the data is encrypted for the wire, HTTPS offers no protection against it.  It harvests the passwords saved in the browsers and e-mail clients you use, and it will also capture screenshots of your desktop.  Beyond stealing data, FormBook can receive remote commands from a command-and-control server on the Internet: update the bot on the host system, download and execute files, launch a command via ShellExecute, clear browser cookies, reboot or shut down the system, and even download and unpack ZIP archives that can slip other malware past your anti-malware software.

How is it delivered to you?

Most commonly, it’s delivered via an e-mail posing as a delivery confirmation from a shipper such as DHL, FedEx or UPS, but the lure can change with each attack.  Remember, this software is for rent, so lots of different hackers will use it at different times with different approaches.

What to look for:

Sample subject lines used in FormBook delivery campaigns include:

  • HSBC MT103 PAYMENT CONFIRMATION Our Ref: HBCCTKF8003445VTC

  • MT103 PAYMENT CONFIRMATION Our Ref: BCCMKE806868TSC Counterparty:.

  • Fwd: INQUIRY RFQ-18 H0018

  • Fw: Remittance Confirmation

  • NEW ORDER FROM COBRA INDUSTRIAL MACHINES IN SHARJAH

  • NO.: 10701 – Send Quotaion Pls

  • Re: bgcqatar project

  • Re: August korea ORDER

  • Purchase Order #234579

  • purchase order for August017
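Subject lines like these are cheap to triage automatically. The script below is an added example, not code from the original post or from FormBook's operators: it parses a handful of constructed RFC 5322 messages with Python's standard `email` module and scores each Subject header against the lure themes in the list above (MT103 and payment confirmations, RFQs and quotations, purchase orders, shipper delivery notices), plus one header check that is an assumption of mine: a "Re:"/"Fw:"/"Fwd:" prefix on a message that carries no In-Reply-To or References header, which is how several of the samples fake an existing thread. The patterns, weights, threshold and sample messages are all assumptions to be tuned to your own mail flow.

```python
"""Subject-line triage for FormBook-style phishing lures (added example)."""
from __future__ import annotations

import re
from email import message_from_string

# Lure patterns distilled from the sample subjects in the post.
# Assumption: these weights. "QUOTA?T?ION" also tolerates the
# "Quotaion" misspelling that appears in one of the samples.
LURE_PATTERNS = [
    (re.compile(r"\bMT103\b"), 3, "SWIFT MT103 payment lure"),
    (re.compile(r"\bPAYMENT CONFIRMATION\b"), 2, "payment confirmation lure"),
    (re.compile(r"\bREMITTANCE\b"), 2, "remittance lure"),
    (re.compile(r"\bRFQ\b|\bQUOTA?T?ION\b|\bQUOTE\b"), 2, "quotation request lure"),
    (re.compile(r"\bPURCHASE ORDER\b|\bNEW ORDER\b|\bORDER\b"), 2, "purchase order lure"),
    (re.compile(r"\b(DHL|FEDEX|UPS)\b"), 1, "shipper delivery lure"),
]
REPLY_PREFIX = re.compile(r"^\s*(re|fw|fwd)\s*:", re.IGNORECASE)


def score_subject(subject: str) -> tuple[int, list[str]]:
    """Score a Subject line on its own; returns (score, reasons)."""
    score, reasons = 0, []
    upper = subject.upper()
    for pattern, weight, reason in LURE_PATTERNS:
        if pattern.search(upper):
            score += weight
            reasons.append(reason)
    # Most of the sample subjects are shouted in capitals; treat a long
    # all-caps subject as a weak extra signal (assumption).
    letters = [c for c in subject if c.isalpha()]
    if len(letters) >= 12 and all(c.isupper() for c in letters):
        score += 1
        reasons.append("all-caps subject")
    return score, reasons


def score_message(raw: str) -> dict:
    """Parse one raw RFC 5322 message and score its headers."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    score, reasons = score_subject(subject)
    # A genuine reply normally carries In-Reply-To or References; a fake
    # "Re:"/"Fw:" without either is a classic lure trick (assumption).
    if REPLY_PREFIX.match(subject) and not (msg.get("In-Reply-To") or msg.get("References")):
        score += 2
        reasons.append("reply prefix without threading headers")
    return {"subject": subject, "score": score, "reasons": reasons}


def triage(raw_messages: list[str], threshold: int = 2) -> list[dict]:
    """Score every message, flag those at or above threshold, rank by score."""
    results = [score_message(raw) for raw in raw_messages]
    for r in results:
        r["suspicious"] = r["score"] >= threshold
    return sorted(results, key=lambda r: r["score"], reverse=True)


# Constructed sample messages: the headers are invented, four subjects are
# adapted from the list in the post, and two are benign controls.
SAMPLE_MESSAGES = [
    "From: accounts@example.invalid\n"
    "Subject: HSBC MT103 PAYMENT CONFIRMATION Our Ref: HBCCTKF8003445VTC\n"
    "\nSee attached.\n",
    "From: buyer@example.invalid\n"
    "Subject: Re: August korea ORDER\n"
    "\nPlease confirm.\n",
    "From: sales@example.invalid\n"
    "Subject: NO.: 10701 - Send Quotaion Pls\n"
    "\nUrgent.\n",
    "From: shipping@example.invalid\n"
    "Subject: NEW ORDER FROM COBRA INDUSTRIAL MACHINES IN SHARJAH\n"
    "\nOrder attached.\n",
    "From: colleague@example.invalid\n"
    "Subject: Re: lunch on Thursday?\n"
    "In-Reply-To: <1234@example.invalid>\n"
    "\nSure, noon works.\n",
    "From: notify@example.invalid\n"
    "Subject: Your DHL shipment is on its way\n"
    "\nTracking below.\n",
]

if __name__ == "__main__":
    for r in triage(SAMPLE_MESSAGES):
        flag = "SUSPECT" if r["suspicious"] else "ok     "
        print(f"{flag} {r['score']:>2}  {r['subject']}  <- {', '.join(r['reasons'])}")
```

Run as-is, the four lure subjects score 5, 4, 3 and 2 and the two controls score 1 and 0, so a shipper's name alone does not trip the threshold while a fake "Re:" on a purchase-order subject does. Treat the output as a ranking for human review or as one input to a mail gateway rule, not as a blocking decision: a real customer's "Purchase Order #234579" scores just as high as the lure that copies it.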

Why do Hackers rent their software to others instead of using it themselves?

Many times they do use it themselves first, make a bunch of money, and then turn the software over to other hackers on a fee basis, perhaps just to reduce their workload or maybe to let someone else take the risks, while they keep making money without the hassles.