"A Growing Number of Malware Attacks Leveraging Dark Utilities 'C2-as-a-Service'"
Dark Utilities is a new service that has already attracted 3,000 users by providing command-and-control (C2) infrastructure for commandeering compromised systems. According to Cisco Talos, it is marketed as a way to enable remote access, command execution, Distributed Denial-of-Service (DDoS) attacks, and cryptocurrency mining on infected hosts. Dark Utilities, which debuted in early 2022, bills itself as a "C2-as-a-Service" (C2aaS), offering inexpensive access to infrastructure hosted on both the clearnet and the Tor network, along with associated payloads for Windows, Linux, and Python-based implementations.

Authenticated platform users are presented with a dashboard from which they can generate new payloads tailored to a specific operating system, which are then deployed and executed on victim hosts. Once an active C2 channel is established, users get an administrative panel from which they can run commands on the machines under their control, effectively giving the attacker full access to those systems. The goal is to let threat actors target multiple architectures without extensive development effort of their own. Technical support is also provided to customers via Discord and Telegram.

The malware artifacts are hosted on the decentralized InterPlanetary File System (IPFS), which makes them resistant to content moderation or law enforcement takedown in much the same way as "bulletproof hosting." According to Talos researcher Edmund Brumaghin, IPFS is currently being abused by various threat actors to host malicious content for phishing and malware distribution campaigns. IPFS gateways allow ordinary computers on the Internet to retrieve content from the IPFS network over HTTP without installing any client software, so a victim needs nothing beyond a browser or a standard HTTP fetch to pull down a payload. This article continues to discuss observations made regarding the Dark Utilities C2aaS.
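Because IPFS content is addressed by its content identifier (CID) rather than by where it is hosted, a payload published once can be fetched through any public HTTP gateway, which is what makes gateway-based delivery attractive to actors like those described above. A practical defensive check is therefore to hunt for IPFS gateway references in web proxy logs and to pivot on the CID rather than on any one gateway hostname. The following is an added example written for this page, not code from Cisco Talos or from the Dark Utilities service. It assumes a constructed, space-separated proxy log format (timestamp, client IP, method, URL, status) and uses ipfs.io, dweb.link and cloudflare-ipfs.com purely as examples of public gateways; the CIDs in the sample lines are syntactically valid example identifiers, not references to any known malicious artifact.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import urlsplit

# CID shapes as they appear in gateway URLs:
#   CIDv0: base58btc, always 46 characters, starts with "Qm"
#   CIDv1: usually base32 (lowercase a-z, digits 2-7), starts with "b" (e.g. "bafy...")
CIDV0_RE = re.compile(r"^Qm[1-9A-HJ-NP-Za-km-z]{44}$")
CIDV1_B32_RE = re.compile(r"^b[a-z2-7]{50,}$")


def looks_like_cid(token: str) -> bool:
    """Cheap syntactic check: does this token have the shape of an IPFS CID?"""
    return bool(CIDV0_RE.match(token) or CIDV1_B32_RE.match(token))


@dataclass
class IpfsHit:
    line_no: int
    client: str
    cid: str
    gateway: str
    style: str  # "path" (https://gw/ipfs/<cid>/...) or "subdomain" (https://<cid>.ipfs.gw/...)


def extract_ipfs_reference(url: str) -> Optional[Tuple[str, str, str]]:
    """Return (cid, gateway_host, style) if the URL addresses IPFS content via an HTTP gateway."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    segments = [s for s in parts.path.split("/") if s]

    # Path-style gateway: https://<gateway>/ipfs/<cid>/<optional path>
    if len(segments) >= 2 and segments[0] == "ipfs" and looks_like_cid(segments[1]):
        return segments[1], host, "path"

    # Subdomain-style gateway: https://<cid>.ipfs.<gateway>/<optional path>
    labels = host.split(".")
    if len(labels) >= 3 and labels[1] == "ipfs" and looks_like_cid(labels[0]):
        return labels[0], ".".join(labels[2:]), "subdomain"

    return None


def scan_proxy_log(text: str) -> List[IpfsHit]:
    """Scan a constructed 'ts client method url status' proxy log for IPFS gateway fetches."""
    hits: List[IpfsHit] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or truncated line; skip rather than crash
        _ts, client, _method, url = fields[:4]
        ref = extract_ipfs_reference(url)
        if ref is not None:
            cid, gateway, style = ref
            hits.append(IpfsHit(line_no, client, cid, gateway, style))
    return hits


def gateways_by_cid(hits: List[IpfsHit]) -> Dict[str, Set[str]]:
    """Group hits by CID: the same content surfacing via several gateways is one artifact, not several."""
    grouped: Dict[str, Set[str]] = {}
    for hit in hits:
        grouped.setdefault(hit.cid, set()).add(hit.gateway)
    return grouped


# Constructed sample log (assumption: the format described in the lead-in).
# Line 1 and 4 fetch the same CID through two different path-style gateways;
# line 3 uses a subdomain-style gateway; line 2 is benign; line 5 has "/ipfs/" but no real CID.
SAMPLE_LOG = """\
1659480001.123 10.0.0.5 GET https://ipfs.io/ipfs/QmT5NvUtoM5nWFfrQdVrFtvGfKFmG7AHE8P34isapyhCxX/payload.exe 200
1659480002.456 10.0.0.7 GET https://www.example.com/index.html 200
1659480003.789 10.0.0.9 GET https://bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi.ipfs.dweb.link/update.sh 200
1659480004.012 10.0.0.5 GET https://cloudflare-ipfs.com/ipfs/QmT5NvUtoM5nWFfrQdVrFtvGfKFmG7AHE8P34isapyhCxX/payload.exe 200
1659480005.345 10.0.0.5 GET https://ipfs.example.net/ipfs/notacid/file 404
"""

if __name__ == "__main__":
    found = scan_proxy_log(SAMPLE_LOG)
    for h in found:
        print(f"line {h.line_no}: {h.client} fetched CID {h.cid} via {h.gateway} ({h.style} gateway)")
    for cid, gws in gateways_by_cid(found).items():
        print(f"CID {cid} seen via {len(gws)} gateway(s): {sorted(gws)}")
```

The grouping step is the point of the exercise: blocking ipfs.io alone does nothing once the same CID is reachable through dweb.link or any other gateway, so indicators should be recorded as CIDs and matched against both the `/ipfs/<cid>` path form and the `<cid>.ipfs.<host>` subdomain form. The syntactic CID check is deliberately loose (it does not decode the multihash), which is fine for triage but means a `/ipfs/` path with a well-formed but bogus CID would still be flagged.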
THN reports "A Growing Number of Malware Attacks Leveraging Dark Utilities 'C2-as-a-Service'"