Cisco Talos security researchers have identified a new service called Dark Utilities, which gives cybercriminals a simple way to set up a command and control (C2) infrastructure for illegal activities. Dark Utilities is, in effect, a C2-as-a-service offering built on a subscription model, an approach that is proving very successful in the criminal marketplace.
A command and control server is the component through which attackers control malware running on a target they have compromised: they use it to send commands, new configurations and new payloads to the implant, and to receive back feedback, exfiltrated data and telemetry from the compromised systems.
According to the researchers, Dark Utilities offers a platform that supports Windows, Linux and Python-based payloads and removes the need to implement a C2 communication channel, since it provides one that is already fit for purpose. The service reportedly already has around 3,000 active subscribers, at a negligible subscription cost starting from 9.99 euros. A number of additional features raise the price, but the worrying aspect is that for an outlay within practically anyone's reach, a subscriber obtains a sophisticated and powerful tool for conducting criminal activity on the web.
Dark Utilities has been in circulation at least since the beginning of the year. According to the researchers, it has a modular administration panel with modules intended for different purposes, including DDoS and cryptojacking. The payloads are hosted on the InterPlanetary File System (IPFS), a decentralized peer-to-peer network for data storage and sharing; content replicated across IPFS nodes is considerably harder to take down than a file sitting on a single hosting provider. The tool also allows the operator to establish persistence mechanisms on the target system.
Given its sophistication, very affordable price and the fact that it is already used by thousands of individuals, Dark Utilities is likely to attract an even wider audience. This is particularly worrying, since such low barriers to entry mean these tools can be used even by actors with no technical competence at all, with the risk of causing entirely unexpected and indiscriminate damage.
Cisco Talos researchers have collected indicators of compromise (IoCs) for Dark Utilities, which defenders can use to hunt for the possible presence of malware linked to this platform.
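The two observations above that a defender can act on are that the payloads are fetched from IPFS and that Talos has published indicators of compromise. The following script is an added example (not code from Cisco Talos, not from the Dark Utilities service, and not tied to any real IoC) showing how a practitioner would run both checks over proxy logs: it flags requests whose URL points at an IPFS gateway, either path-style (`/ipfs/<CID>`) or subdomain-style (`<CID>.ipfs.<gateway>`), and requests to hosts on an IoC list. The host list, the Squid-style log format and the log lines themselves are constructed placeholders for the example; the real IoCs must be loaded from the Talos publication or your own threat feed.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple
from urllib.parse import urlsplit

# CONSTRUCTED placeholder indicator list for this example. These are not the
# IoCs published by Cisco Talos; replace them with the real list from your feed.
SUSPECT_HOSTS = {"c2.example.invalid", "panel.example.invalid"}

# IPFS content identifiers: CIDv0 is "Qm" plus 44 base58btc characters;
# CIDv1 in multibase base32 starts with "b" and is typically 59 characters.
CID_V0 = r"Qm[1-9A-HJ-NP-Za-km-z]{44}"
CID_V1 = r"b[a-z2-7]{50,}"
# Path-style gateway URL: https://<gateway>/ipfs/<cid>/file
PATH_GATEWAY = re.compile(rf"^/ipfs/({CID_V0}|{CID_V1})(?:[/?]|$)")
# Subdomain-style gateway URL: https://<cid>.ipfs.<gateway>/file (CIDv1 only,
# because DNS labels are case-insensitive and base58 CIDv0 is not)
SUBDOMAIN_GATEWAY = re.compile(rf"^({CID_V1})\.ipfs\.")

# Squid-style access log (constructed format for the example):
# "<timestamp> <elapsed_ms> <client_ip> <code>/<status> <bytes> <method> <url> ..."
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


@dataclass
class Hit:
    line_no: int
    client: str
    host: str
    reason: str  # "ioc_host" | "ipfs_path_gateway" | "ipfs_subdomain_gateway"
    cid: Optional[str]


def classify(url: str) -> Optional[Tuple[str, str, Optional[str]]]:
    """Return (reason, host, cid) when the URL is suspicious, else None."""
    if "://" not in url:
        # CONNECT entries log only host:port, so only the host check applies.
        host, path = url.split(":", 1)[0].lower(), ""
    else:
        parts = urlsplit(url)
        host, path = (parts.hostname or "").lower(), parts.path
    if host in SUSPECT_HOSTS:
        return "ioc_host", host, None
    m = PATH_GATEWAY.match(path)
    if m:
        return "ipfs_path_gateway", host, m.group(1)
    m = SUBDOMAIN_GATEWAY.match(host)
    if m:
        return "ipfs_subdomain_gateway", host, m.group(1)
    return None


def scan(lines: Iterable[str]) -> List[Hit]:
    """Parse each log line and collect the suspicious requests."""
    hits: List[Hit] = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line; count these separately in production
        verdict = classify(m["url"])
        if verdict:
            reason, host, cid = verdict
            hits.append(Hit(line_no, m["client"], host, reason, cid))
    return hits


# Constructed sample log: one path-style IPFS fetch, one benign request,
# one subdomain-style IPFS fetch, one beacon to a placeholder IoC host, one junk line.
SAMPLE_LOG = [
    "1659500000.123 245 10.0.0.12 TCP_MISS/200 51234 GET "
    "https://ipfs.io/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/stage2.bin "
    "- HIER_DIRECT/203.0.113.5 application/octet-stream",
    "1659500012.411 80 10.0.0.12 TCP_HIT/200 4096 GET "
    "https://www.example.com/index.html - HIER_NONE/- text/html",
    "1659500031.002 190 10.0.0.12 TCP_MISS/200 8123 GET "
    "https://bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi.ipfs.dweb.link/loader.py "
    "- HIER_DIRECT/203.0.113.6 text/x-python",
    "1659500047.551 12 10.0.0.12 TCP_MISS/200 310 POST "
    "https://c2.example.invalid/api/beacon - HIER_DIRECT/203.0.113.7 application/json",
    "# malformed line that the parser must skip",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.client} -> {hit.host} [{hit.reason}] cid={hit.cid}")
```

Matching on the CID pattern rather than on a fixed list of gateway hostnames is deliberate: any of the many public IPFS gateways can serve the same content, so a host-based rule would need constant maintenance, whereas the `/ipfs/<CID>` and `<CID>.ipfs.` shapes are stable. In an environment with no legitimate IPFS use, every such hit is worth a look; elsewhere, pair the rule with the client's process telemetry to separate a browser visit from a scripted payload download.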