
A new generation of Crimeware as a Service (CaaS) platforms is becoming increasingly established in the cybercriminal market: true “services” designed to enable digital criminals to spy on, steal, and resell data. One such platform is Dark Utilities.

Among the most recent developments in the cybercriminal market is the growing establishment of new generations of so-called CaaS (Crimeware as a Service) platforms.

These platforms are true SaaS (Software as a Service) offerings designed to enable digital-age criminals to carry out data espionage, theft and resale operations. One of these new platforms is called Dark Utilities.

The CaaS phenomenon actually originated several years ago. Initially intended for organized groups, it has since expanded horizontally across multiple criminal disciplines:

  • botnet (BaaS);
  • phishing (PhaaS);
  • denial of service (DDoSaaS);
  • ransomware (RaaS).

New trends are consolidating among CaaS platforms: slowly, these platforms are abandoning the Dark Web.

Dark Utilities promotes itself by providing access to malicious remote access trojan (RAT) code and managed command and control infrastructure that can be used out of the box, with no need for malware development or offshore server management.

Dark Utilities is also marketed as a means to enable remote access, command execution, distributed denial of service (DDoS) attacks, and cryptocurrency mining operations on the systems on which it is installed, a feature set that leaves little that is benign to the imagination.

After a system has been infected by the Dark Utilities agent and has established a communication channel with the CaaS platform, the attacker operating the account gains full access to the system: the attacker can even open an interactive PowerShell prompt directly from the administration panel and use a built-in Python interpreter to load Python scripts onto the victim’s machine.