Researchers stumble across online community of 11 to 18-year-olds constructing, exchanging and spreading malware
Published: 28 Jun 2022 13:09
Researchers at Czech cyber firm Avast have discovered an online community of children using dedicated Discord servers to build, exchange and spread malware, including ransomware, infostealers and cryptominers.
Various groups lure in individuals aged 11 to 18 by advertising access to different malware builders and toolkits that can be used to code malware without much technical expertise. Others specialise in the theft of gaming accounts, deleting Fortnite or Minecraft folders, or even online “pranks” such as causing a web browser window containing pornography to open repeatedly on the victim’s system.
In some cases, said Avast, the groups operate a pay-to-play system in which individuals have to buy access to malware builder tools, while in others, individuals can become group members but are then offered the tools for a nominal fee of between €5 and €25. Prices seem to differ based on the type of tool, duration of access, and so on.
The groups, which can have more than 1,000 members, tend to focus on malware-as-a-service type offerings, such as Lunar, Snatch and Rift, and Avast said that on observing their message boards, it was extremely obvious that group admins are preying on young people – participants often discuss their ages, and the idea of hacking their schools or parents is a topic that exercises many. Often, conversations turned nasty, with many observed instances of fighting, instability and bullying.
“These communities may be attractive to children and teens as hacking is seen as cool and fun, malware builders provide an affordable and easy way to hack someone and brag about it to peers, and even a way to make money through ransomware, cryptomining and the sale of user data,” said Avast malware researcher Jan Holman.
“However, these activities by far aren’t harmless – they are criminal. They can have significant personal and legal consequences, especially if children expose their own and their families’ identities online or if the purchased malware actually infects the kids’ computer, leaving their families vulnerable by letting them use the affected device. Their data, including online accounts and bank details, can be leaked to cyber criminals.”
Another notable feature of many of these groups that Avast observed is the use of YouTube to market and distribute malware. In many cases, the firm’s researchers found community members creating YouTube videos that supposedly show information about a cracked game or cheat codes, which are linked to, but in fact lead to the malware.
To create trust and game YouTube’s algorithms and moderation policies, users will ask fellow community members to like and leave comments under the video, endorsing it and giving it the appearance of legitimacy.
“This technique is quite insidious, because instead of fake accounts and bots, real people are used to upvote harmful content,” said Holman. “As genuine accounts are working together to positively comment on the content, the malicious link seems more trustworthy, and as such can trick more people into downloading it.”
Avast said it had reached out to Discord, which has since banned the servers associated with the company’s research, and has also created detections for the malware samples it found being spread.
However, said the Avast team, some responsibility must still rest with parents to teach children to behave safely online.
In particular, it is important to be sceptical of attractive offers such as game features or pre-releases, which are often used as lures, and to learn the importance of not revealing any passwords or personal information if active on multiplayer platforms, such as Minecraft.
“What may seem venturesome and fun can bring serious harm to others and be an actual criminal offence,” said Avast’s team “Young children may think they are safe as they aren’t legally liable yet, however, their parents are. It is important for parents to talk to their children about this.”
Read more on Hackers and cybercrime prevention
COPPA (Children’s Online Privacy Protection Act )
By: Katie Terrell Hanna
It takes a village: Protecting kids online is everyone’s responsibility
By: Peter Allison
Gamarue malware found on government-issued school laptops
By: Alex Scroxton
Scam mobile apps spreading via rogue TikTok accounts
By: Alex Scroxton
Web3 and the transition toward true digital ownership
Image Credit: ArtemisDiana/Getty
Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
How do you think you would answer if I asked you the following question: “What do you own online?”
In real life, you own your home, the car you drive, the watch you wear, and anything else you have purchased. But do you own your email address or your business’s website? How about the pictures that populate your Instagram account? Or the in-game purchases on Fortnite or FIFA video games or whatever else you are playing?
My best guess is, after casting your mind through the things you use the internet for (which for everybody is pretty much everything, social and professional), you would struggle to find a solid answer.
Maybe you would ask me to explain what I mean by “ownership.” But it doesn’t really matter. And while I don’t mean this to be a trick question, it kind of is. Because in the current version of the internet, we don’t have ownership rights online.
MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.
Digital ownership: Participants and products
To understand why we don’t own anything online, we must first understand the evolution of the internet and how it gave rise to the business model that has dominated its current iteration.
In the 1990s — the decade of desktop computers and dial-up connections — the internet was predominantly a content delivery network consisting of simple static websites showcasing information. What we refer to today as Web1 was slow, siloed, and disorganized.
Next came the platforms, such as Facebook (now Meta) and Google, driven by wireless connectivity and the development of handheld devices like laptops, smartphones, and tablets, which gave us free-to-use services that enabled us to edit, interact with and generate content. These platforms centralized the web, putting in place a top-down structure that saw users reliant on their systems and services.
This evolution of the internet took place in the mid-2000s and is the version we know today. We call it Web2. It is a model based on connectivity and user-generated content, made in the image and interests of companies like Facebook, Twitter, Instagram, and YouTube.
In this environment, netizens are both participants and products. We sign up for services in exchange for our data, which is sold to advertisers, and we create content that generates value and fuels engagement for these platforms. We do all this while having no rights to anything online.
Our social media profiles can be taken down and our access to email accounts or messenger apps suspended. We don’t own any of the digital assets we purchase and have no autonomy over our data. Businesses we build online are often reliant on platforms and are therefore vulnerable to algorithms, data breaches and shadow bans.
The deck is stacked against us. Because the option not to be involved, when so much of the commerce and communication in the world takes place online, is not really an option at all. And yet there is nothing that we can point to and call ours. Nothing we have any actual authority over.
And, it is this dynamic that Web3 is determined to change.
Web3 and the “internet of value”
Right now, when most people hear the term “Web3” they probably think “metaverse”. But a better way to think about Web3 is as the evolution of the internet.
Today, the digital experience is very corporate and very centralized. Web3 will offer the dynamic, app-driven user experience of the current mobile web in a decentralized model, shifting the power from big tech back to the users. It will do this by spreading the data outward — putting it back in the hands of netizens who are then free to use, share and monetize it as they see fit — and expanding the scale and scope of interactions between users and the internet.
Underpinning that expansion will be guaranteed access, which means anyone can use any service without permissions and no one can block, restrict or remove any user’s access.
The idea then is that Web3 will not only be more egalitarian but that it will create an “Internet of Value” because the value generated by the web will be shared much more equitably between users, companies, and services, with much better interoperability. Users will have full ownership, authority, and control over both the content they create and their data. But how will this help us transition toward true digital ownership?
NFTs hold the key to digital ownership
The truth is that digital ownership is not too hard a problem to solve. And we already have the solution: NFTs.
In the public consciousness, NFTs are known for the projects that have garnered the most media attention, such as CryptoPunks and Bored Ape Yacht Club. While projects such as these have catapulted the term into the zeitgeist, the usefulness of the underlying technology has been much less discussed.
Simply put, NFTs act as proof of ownership. The details of the NFT’s holder are recorded on the blockchain, all transactions and transfers are tracked and transparent and available to the public, and everything is managed by the token’s unique ID and metadata.
So, how does this work in practice? Let’s say I create an NFT. As soon as I upload it, a “smart contract” is created that tracks its creation, the current owner, and the royalties I will receive. If someone decides to purchase it, they own that NFT and any additional perks that come with ownership. Their details are registered on the blockchain and nobody can edit or remove them.
Now, let’s say that the market for my NFTs starts to heat up, demand grows and the value of my collection begins to rise. If the owner decides to sell, they make a profit and I earn a small royalty from the resale. The change in ownership is tracked on-chain in real-time and the smart contract ensures my royalty fee is deposited directly in my wallet. This is the key value proposition of NFTs: Verifiable ownership and the option to liquidate digital assets.
What’s next for Web3?
This is what ownership looks like in Web3. It is the promise that netizens will be able to own their digital assets in the same way that they own their home, car and watch. NFTs will usher in a more equitable digital economy and will play a central role in the future of digital commerce.
The fact is that as of right now, we are still writing the Web3 rulebook. This is still a very new, very young space. And while few things are certain, what we can say for sure is that the internet is only moving in one direction: ownership.
The guiding principle in Web3 is to accelerate the transition towards a more equitable digital environment. It is very much opt-in, an internet built by the people for the people. It is one in which ownership is the foundation upon which new products, networks, and experiences are being built. And it is fundamental to establishing the internet of value.
Over the next few years, as Web3 develops it will operate alongside Web2. The infrastructure supporting Web2 is very strong and I don’t see us completely shifting away from that any time soon. However, in the medium-to long-term, Web3 will completely reshape our relationship with the internet.
Filip Martinsson is cofounder and chief operating officer of Moralis.
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.
If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.
You might even consider contributing an article of your own!
Apple blocked the latest Telegram update over a new animated emoji set
Ever since Apple launched the App Store, developers big and small have gotten caught up in the company’s approval process and had their apps delayed or removed altogether. The popular messaging app Telegram is just the latest, according to the company’s CEO Pavel Durov. On August 10th, Durov posted a message to his Telegram channel saying the app’s latest update had been stuck in Apple’s review process for two weeks without any real word from the company about why it was held up.
As noted by The Verge, the update was finally released yesterday, and Durov again took to Telegram to discuss what happened. The CEO says that Apple told Telegram that it would have to remove a new feature called Telemoji, which Durov described as “higher quality vector-animated versions of the standard emoji.” He included a preview of what they would look like in his post — they’re similar to the basic emoji set Apple uses, but with some pretty delightful animations that certainly could help make messaging a little more expressive.
“This is a puzzling move on Apple’s behalf, because Telemoji would have brought an entire new dimension to its static low-resolution emoji and would have significantly enriched their ecosystem,” Durov wrote in his post. It’s not entirely clear how this feature would enrich Apple’s overall ecosystem, but it still seems like quite the puzzling thing for Apple to get caught up over, especially since Telegram already has a host of emoji and sticker options that go far beyond the default set found in iOS. Indeed, Durov noted that there are more than 10 new emoji packs in the latest Telegram update, and said the company will take the time to make Telemoji “even more unique and recognizable.”
There are still a lot of emoji-related improvements in the latest Telegram update, though. The company says it is launching an “open emoji platform” where anyone can upload their own set of emoji that people who pay for Telegram’s premium service can use. If you’re not a premium user, you’ll still be able to see the customized emoji and test using them in “saved messages” like reminders and notes in the app. The custom emoji can be interactive as well — if you tap on them, you’ll get a full-screen animated reaction.
To make it easier to access all this, the sticker, GIF and emoji panel has been redesigned, with tabs for each of those reaction categories. This makes the iOS keyboard match up with the Android app as well as the web version of Telegram. There are also new privacy settings that let you control who can send you video and voice messages: everyone, contacts or no one. Telegram notes that, like its other privacy settings, you can set “exceptions” so that specific groups or people can “always” or “never” send you voice or video messages. The new update — sans Telemoji — is available now.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Youtube Crypto Influencer BitBoy Crypto Warns That He Is Planning Something That “Will Permanently Change Crypto”
Polkadot Stablecoin Depegs Following $1.2 Billion Acala Network Exploit
Shiba Inu eyes 50% rally as SHIB price enters ‘cup-and-handle’ breakout mode
Top 5 cryptocurrencies to watch this week: BTC, ADA, UNI, LINK, CHZ
AML and KYC: A catalyst for mainstream crypto adoption
‘Continue to ebb and flow over time’: Denny’s chief brand officer on how consumers’ moods inform brand messaging
Bitcoin hits $45K ahead of July inflation report, but one fractal hints at looming correction
Smart Marketing Token (SMT) Is on a Mission to Help Blockchain Projects Reach Their Goals
Identity management org Sailpoint unveils no-code tool
Japan crypto exchange bitbank upgrades performance of its matching engine by 4x
Bit Coin3 months ago
An Anime Action Adventure: YOANN․IO Seed Launch on KICK․IO
Bit Coin3 months ago
Miami and New York City coins tank despite Mayoral endorsements
Bit Coin3 months ago
Sequel to Iconic RPG Ni No Kuni to Feature NFT Integration and Play-to-Earn Mechanics
Bit Coin3 months ago
Swiss think tank urges greater global cooperation on crypto regulation
Ethereum3 months ago
Do Kwon Denies Terra 2.0 Has ‘Ninja’ Code that Enforces Vesting of Tokens, Says it Was Clarified in Proposal 1623
Tech3 months ago
Acer Nitro XV272 review: Top-tier gaming on a 1080p monitor
Bit Coin3 months ago
Aave Launches Social Media Project Lens Protocol With Over 50 Apps Built on Polygon
Tech3 months ago
Media Buying Briefing: Four takeaways on Upfront Week from a buyer’s perspective