Dark Utilities, a service that emerged in early 2022, has already attracted around 3,000 users with its command-and-control (C2) offering, whose primary purpose is controlling compromised systems. “It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks, and cryptocurrency mining operations on infected systems,” Cisco Talos said.
In addition, it provides access to C2 infrastructure hosted both on the clearnet and on the Tor network, together with matching payloads that offer end-to-end encryption, with support for Windows, Linux and Python-based implementations, for a mere €9.99. Registered users of the platform are given a dashboard from which they can generate fresh payloads tailored to a specific operating system, which can then be deployed and executed on target hosts.
Once a working C2 channel has been established, users are given an administrative panel to run commands on the machines under their control, effectively giving the attacker full access to those systems. The idea is to let threat actors target multiple architectures without needing any specialized development effort. Technical assistance and support are also provided to customers via Discord and Telegram.
On this point, the investigators noted: “Given the relatively low cost compared to the amount of functionality the platform offers, it is likely attractive to adversaries attempting to compromise systems without requiring them to create their own C2 implementation within their malware payloads.”
Adding to the concern, the malware artifacts are hosted within the decentralized InterPlanetary File System (IPFS), which makes them highly resilient to content moderation or law enforcement intervention, in a manner similar to “bulletproof hosting.” Researcher Edmund Brumaghin added in his statement, “IPFS is currently being abused by a variety of threat actors who are using it to host malicious contents as part of phishing and malware distribution campaigns.”
He further stated, “[The IPFS gateway] enables computers on the internet to access content hosted within the IPFS network without the requirement for a client software installation, similar to how Tor2Web gateways provide that functionality for content hosted within the Tor network.”
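Because an IPFS gateway turns IPFS content into plain HTTPS fetches, the one place a defender can reliably see this traffic is the web proxy log. The following Python script is an added example (not code from Cisco Talos or from the Dark Utilities platform) that scans proxy log lines for the two URL shapes public gateways expose, the path form `/ipfs/<CID>` or `/ipns/<name>` and the subdomain form `<cid>.ipfs.<gateway>`, and validates whether the identifier looks like a real content identifier (CIDv0 `Qm…` base58, CIDv1 base32). The gateway hostnames (`.invalid`), log lines and CIDs below are constructed placeholders, not indicators from the report.

```python
"""Flag HTTP(S) requests to IPFS gateways in web-proxy logs for triage.

Added example: gateway hostnames, log lines and CIDs are constructed.
"""
import re
from typing import Optional
from urllib.parse import urlsplit

# Path-style gateway URLs: https://<gateway>/ipfs/<CID>/... or /ipns/<name>/...
IPFS_PATH_RE = re.compile(r"^/(ipfs|ipns)/([^/?#]+)")
# Subdomain-style gateway URLs: https://<cid>.ipfs.<gateway>/...
IPFS_SUBDOMAIN_RE = re.compile(r"^([a-z0-9]+)\.(ipfs|ipns)\.")
# CIDv0: "Qm" followed by 44 base58 characters (no 0, O, I, l).
CIDV0_RE = re.compile(r"^Qm[1-9A-HJ-NP-Za-km-z]{44}$")
# CIDv1 in its common base32 form: multibase prefix "b" + lowercase base32.
CIDV1_RE = re.compile(r"^b[a-z2-7]{50,}$")
# Request line inside a common/combined-format proxy log entry.
LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/\d\.\d" (\d{3})')


def looks_like_cid(value: str) -> bool:
    """Return True if value is syntactically a CIDv0 or base32 CIDv1."""
    return bool(CIDV0_RE.match(value) or CIDV1_RE.match(value))


def classify_url(url: str) -> Optional[dict]:
    """Return gateway details if the URL targets IPFS content, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    m = IPFS_PATH_RE.match(parts.path)
    if m:
        kind, ident = m.groups()
        return {"host": host, "kind": kind, "id": ident, "via": "path",
                "valid_cid": kind == "ipfs" and looks_like_cid(ident)}

    m = IPFS_SUBDOMAIN_RE.match(host)
    if m:
        ident, kind = m.groups()
        return {"host": host, "kind": kind, "id": ident, "via": "subdomain",
                "valid_cid": kind == "ipfs" and looks_like_cid(ident)}
    return None


def scan_log(text: str) -> list:
    """Scan proxy log text; return one hit per request that touches IPFS."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        url, status = m.groups()
        info = classify_url(url)
        if info:
            hits.append({**info, "url": url, "status": int(status)})
    return hits


# Constructed sample log (common log format as a forward proxy would write it).
SAMPLE_LOG = """\
10.0.0.12 - - [01/Aug/2022:10:14:03 +0000] "GET https://gw.example-gateway.invalid/ipfs/QmT78zSuBmuS4z925WZfrqQ1qHaJ56DQaTfyMUF7F8ff5o HTTP/1.1" 200 51234
10.0.0.12 - - [01/Aug/2022:10:14:05 +0000] "GET https://www.example.com/index.html HTTP/1.1" 200 2048
10.0.0.31 - - [01/Aug/2022:10:15:11 +0000] "GET https://bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi.ipfs.example-gateway.invalid/payload.bin HTTP/1.1" 200 98304
10.0.0.44 - - [01/Aug/2022:10:16:40 +0000] "GET https://gw.example-gateway.invalid/ipns/some-name.example/update HTTP/1.1" 404 0
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        flag = "CID" if hit["valid_cid"] else hit["kind"].upper()
        print(f"[{flag}] {hit['status']} {hit['via']:<9} {hit['url']}")
```

IPFS gateway traffic is not malicious by itself, so these hits are triage candidates rather than alerts on their own; the `valid_cid` field helps separate genuine content fetches from unrelated paths that merely contain the string, and the `status` field is useful for spotting hosts that repeatedly retrieve the same CID, which is the pattern one would expect from a payload download or a C2 check-in routed through a gateway.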
Dark Utilities is believed to be the work of a threat actor who goes by the moniker Inplex-sys in the cybercriminal underground, with Talos identifying some form of “collaborative relationship” between Inplex-sys and an operator of a botnet service called Smart Bot.
The researchers concluded, “Platforms like Dark Utilities lower the barrier to entry for cybercriminals entering the threat landscape by enabling them to quickly launch attacks targeting a variety of operating systems.”