Malware-as-a-service functions similarly to a legitimate business model like software-as-a-service: “customers” get access to a user-friendly interface and control panel that lets them manage the software’s activities remotely. But in this case, cybercriminals offer malicious software or services for sale or rent. In this type of arrangement, cybercriminals act as service providers: they handle the technical aspects of malware creation, distribution, and maintenance. This allows less tech-savvy individuals to participate in malicious activities for a subscription fee.
Real-life examples of malware-as-a-service
- ZeuS/ZBOT was a malware-as-a-service platform that emerged around 2007. It was designed to steal sensitive information, specifically targeting banking credentials. The ZeuS source code was sold or rented to various cybercriminals, who then used it to distribute customized versions of the malware.
- SpyEye was a similar platform to ZeuS. It allowed cybercriminals to steal banking credentials and carry out financial fraud.
- Blackhole Exploit Kit allowed cybercriminals to launch drive-by download attacks, infecting users with ransomware or banking Trojans.
- Andromeda/Gamarue was a popular botnet-as-a-service platform that was used to distribute malware, carry out DDoS attacks, and perform spam campaigns.
- Cerber Ransomware was a ransomware-as-a-service platform that emerged in 2016. Using Cerber’s easy-to-use interface, criminals distributed customized versions of the ransomware. Meanwhile, Cerber’s creators took a percentage of the ransom paid to the criminals by the victims.