The main Atrax component costs only $250 (€184)

Nov 26, 2013 12:52 GMT

Security researchers have come across a new cybercriminal kit that’s currently being advertised on underground forums. The kit is called Atrax and its main platform costs only $250 (€184).

Experts from CSIS have analyzed the threat and found that it uses the TOR protocol to keep its command-and-control (C&C) communications stealthy. Atrax is capable of performing various tasks, such as launching DDoS attacks, grabbing data from forms and web browsers, and mining Bitcoins and Litecoins.

The main component is fairly large, at around 1.2MB. However, the authors say this is because of the x64/x86 code and the integration with TOR. On the other hand, the cybercriminals do offer a smaller (2KB) first-stage assembler downloader for free to make the infection process more efficient.

The main component integrates features that allow customers to kill bots, install plugins, download and execute files, and perform updates. The download and execute commands can be carried out normally or through TOR. The downloaded files can also be executed directly in memory.

The rest of Atrax’s capabilities are provided by various add-ons and plugins.

Each of the components must be purchased separately. For instance, the DDoS add-on costs $90 (€66), the form grabber costs $300 (€220), while the reverse SOCKS add-on can be bought for $400 (€300).

The Bitcoin mining plugin is still experimental, but it can be acquired for $140 (€100). The plugins are also designed to communicate over TOR.

It’s worth noting that the author only accepts payment in Bitcoins. The cybercriminals claim that Atrax is the first public bot to support Windows 8, but experts are not convinced that this is true.

Additional technical details on Atrax are available on CSIS’s blog.