Europe-U.S. Operation Targets Cybercrime Service Providers

Two Romanian suspects have been arrested for allegedly running the CyberSeal and Dataprotector crypting services to evade antivirus software detection. These services have been purchased by more than 1560 criminals and used for crypting several different types of malware, including Remote Access Trojans, information stealers and ransomware.

The pair also operated the Cyberscan service which allowed their clients to test their malware against antivirus tools.

This operation was led by the Romanian Police (Poliția Română) together with the United States Federal Bureau of Investigation (FBI), the Australian Federal Police (AFP), the Norwegian National Criminal Investigation Service (Kripos) and Europol. It was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT). 

The operation resulted in two administrators being arrested in Romania, four house searches in Bucharest and Craiova, and the backend infrastructure being taken down in Romania, Norway and the United States.

During the action day, a virtual command post was set up by Europol, allowing for the real-time exchange of information between all involved countries to adjust the operational strategy as required.

One common way for hackers to circumvent antivirus detection is through the use of crypters which encrypt or hide the underlying code in a piece of software, typically malware, to masquerade as something harmless until it gets installed on a victim’s computer.

The services provided by these two suspects fall under this category and have been offered for sale in the underground criminal market since 2010.

Their clients paid between US$40 to US$300 for these crypting services, depending on licence conditions. Their service activity was well structured and offered regular updates and customer support to the clients.

The criminals also offered a Counter Antivirus platform allowing criminals to test their malware samples against antivirus software until the malware becomes fully undetectable (FUD). The prices for this service varied between US$7 to US$40.

Read more at Europol

(Visited 49 times, 1 visits today)

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Leave a Reply

Latest from Cybersecurity

Go to Top
X
X