Cybersecurity experts from Avast uncovered a Discord server dedicated to “malware-as-a-service” products. According to Avast, malware-as-a-service “allows people to hack other people without any programming or technical skills. It’s basically plug-and-play hacking for whomever is interested, only requiring users to determine details like a custom icon or a binary to be used as a carrier for the malicious code.” It discovered that the developer of the “Lunar” malware was selling it on Discord for between €5 and €25.
The malware was mostly distributed through YouTube. Bad actors would create YouTube videos advertising game cheats. Members from the Discord would comment on the YouTube videos confirming the “legitimacy” of these cheats. However, the linked URL would instead lead to the malware.
Avast was most shocked by the ages of those participating in the server. It believes that most of the members are minors between the ages of 11 and 16. It came to this conclusion based on the topics of conversation and vocabulary of the members as well as the most popular malware options. Avast remarked, “the Lunar malware builder included options like password and information stealing, crypto mining, and ransomware.” Nevertheless, members were far more interested in stealing gaming accounts, deleting Minecraft and Fortnite folders, or repeatedly opening browsers to websites with adult content.
The “ransoms” they demanded were also laughably small. Avast noted that one ransom was only for $25 USD. This evidence led Avast to conclude that the server was primarily dedicated to “pranks that teenagers might be interested in.” It determined that the threat level of this server is “low,” but have reported it to Discord. Discord has since removed the server.
One of the most fascinating aspects of the server was the kind of community it created. Many of the members would just hop onto the Discord to chat with one another. Nevertheless, like any community, there were issues. Avast noticed that there was, “infighting, instability, potential bullying, and members stealing each others’ code and selling it themselves.” There is also the issue that many of the community’s actions were illegal and could potentially put themselves or loved ones in real danger. Nevertheless, this is a fascinating look at the way both malware and community are evolving.