Redbear Malware Testing Service Helps Malware Authors Fix Flaws in their Code for a fee
We have websites like StackOverflow where we can ask our coding questions and get our code corrected. What do malware authors and malware buyers have? Brian Krebs discovered that they too have a service, called Redbear, which offers malware testing services to cybercriminals and malware authors for a fee.
Malware authors often sell their products online on dark web hacker forums or surface web marketplaces like MagBo. However, once their product is sold, they don’t take any responsibility for updating the malware. They often release a newer version of the malware by fixing the flaws and vulnerabilities and sell it to the highest bidder.
On the other hand, ethical hackers and security researchers, along with security companies, constantly work on stripping the malware code to find vulnerabilities that let them beat the malware infection. We have already seen how security researcher Marcus Hutchins stripped the WannaCry malware and found the web address which acted as a sinkhole and stopped the most vicious infection the world has ever seen.
As security researchers and anti-virus companies find flaws in the malware, it becomes doubly necessary for the bad guys to check and update their malware. Also, most of the malware sold on the dark web marketplaces contains a lot of bad coding. The buyer has nowhere to turn after buying malware filled with bad code and vulnerabilities.
Enter Redbear, which offers malware testing as a service. The Redbear malware testing service is operated by “RedBear,” the administrator of a Russian-language security site called Krober[.]biz, which frequently blogs about security weaknesses in popular malware tools.
Redbear’s Krober operates for cybercriminals the way Flashpoint, Checkpost, Tripwire, Panda Security, etc. operate for us. These security companies follow a responsible disclosure policy and report vulnerabilities in software and gadgets after the tech companies have fixed them. Similarly, Krober publishes vulnerabilities in malware on its website after the malware is patched. Honor among thieves!
Malware authors and buyers pay fees in advance to Krober for a code review that promises to unmask any backdoors and/or harden the security of the malware. RedBear’s service is marketed not only to malware creators but to people who rent or buy malicious software and services from other cybercriminals.
Krebs says that RedBear isn’t operating the malware code patching website alone. Over the years he has partnered with one hacker known as “upO” and “Lebron.” Redbear is quite famous in the cybercriminal community and gets customers regularly.
Seems like a nice business that Redbear has lined up.