Page 22 - CDM Cyber Warnings November 2013
New crimekit Atrax exploits Tor, mines Bitcoin, etc.
Atrax is yet another commercial crimekit on the black market: malware that is able to exploit
Tor and that implements numerous features, including Bitcoin mining.
Atrax is the name of the latest crimekit sold in the underground market; its distinguishing
feature is the capability to exploit the Tor network to communicate with its Command & Control
infrastructure. Jonas Mønsted of the Danish security firm CSIS published a blog post that
describes the crimekit in depth. The malware isn't the first agent to adopt the Tor network as a
communication channel; in the past we have found other botnets exploiting the same trick to hide
malicious traffic. Recently Mevade was responsible for the spike in Tor traffic, while going
further back in time we can mention Skynet. The Atrax crimekit is cheap, it runs about $250, and
appears very attractive due to a series of features like Bitcoin mining, Litecoin mining, browser
data extraction and a component to launch DDoS attacks. The DDoS module offers complete
support for both full IPv6 and IPv4 and implements the principal attack techniques, including UDP
Flood, TCP Flood, TCP Connect Flood, HTTP Slowloris and many other methods. The recent
explosion in Bitcoin value is attracting cybercrime; for this reason the authors of Atrax included
dedicated features in the crimekit, including the capability to steal information from users'
Bitcoin wallets (such as Armory, Bitcoin-Qt, Electrum and Multibit).
Like many other crimekits, Atrax was designed with a modular structure: a series of add-ons
implements the above functionalities and follows an efficient sales model. A plugin stealer is
sold for $110, the form grabber for $300 and an experimental add-on for coin mining at $140.
Surprisingly, Atrax comes with free updates, bug fixes and support.
Copyright © Cyber Defense Magazine, All rights reserved worldwide