The days when a cyber-criminal had to write their own malware are long gone. If you know where to look, you will find not only malicious code in the relevant forums, but complete malware solutions with Trojans, dropper code, command-and-control servers and web-based admin interfaces. Like the associated hosting, these are sometimes quite cheap to obtain, and some also circulate as open-source code. Interested parties do not have to dive into the much-talked-about "Dark Web" for this; such forums can be found quite openly on the net. As a result, the group experimenting with such malware is getting younger and younger, and these newcomers often do not know what they are doing.
Spied on by your own malware
Security researchers such as the MalwareHunterTeam or Misterch0c have been reporting on Twitter for some time that many newcomers infect themselves when distributing malware. It is slowly becoming clear that among these inexperienced malware operators, whom security experts usually deride as script kiddies or skiddies, more and more really are children or adolescents.
Turns out he's a skid, like really pic.twitter.com/4YIDDVvwly
— 𝙈𝙞𝙨𝙩𝙚𝙧𝙘𝙝0𝙘 (@MisterCh0c) April 15, 2019
The researchers usually track down the malware operators by following up an infection, usually one on their own honeypot systems (computers that are deliberately left vulnerable on the Internet to capture malware infections so that researchers can analyze them). When analyzing the malware, the researchers then look for its command-and-control servers and sometimes find them insufficiently secured or not secured at all. The associated Twitter threads often show screenshots of the Trojan's web admin interface, to which the researchers then have access. More and more often they find infection reports there from the malware operator's own computer, along with screenshots of his desktop or pictures of his face, captured by the webcam on the script kiddie's computer.
The researchers also report that it often makes no sense to report the malware campaigns leaked by these would-be hackers to the authorities. This is often true even if the script kiddies do real damage, such as tapping bank records and emptying accounts. Local law enforcement agencies often react with disbelief or show no interest, as the MalwareHunterTeam, for example, reports again and again. And that is despite the fact that researchers with access to a Trojan admin interface and the associated logs can often identify the malware operators very precisely, right down to real names, addresses and photos of the offender. Thus, even very clumsy cyber crime apparently goes unpunished.