Malware-as-a-service is spreading among teens

A group of teens used a Discord server to distribute malware — some that can mine cryptocurrencies, run ransomware attacks, and steal passwords and information. The group members, who were mostly between the ages of 11 and 16, discussed aspects of teenage life like school, their parents, and their teachers — and about tactics to hack people with malware-as-a-service. The group was discovered by researchers at Avast, a digital security software company.

Discord is a popular communication platform for mobile or PC that was originally used by gamers who wanted to chat and hang out while playing video games in different physical locations. Users can communicate on Discord via voice, video, or text and it also facilitates doing group activities together.

In this case, what caught the researchers’ eye was that the requested ransom fee was only $25 for access to the Discord server. Access to the Discord gave access to an easy-to-use malware builder and to an active community.

The group of young hackers used malware-as-a-service, which doesn’t require extensive technical ability. Avast malware researcher Jan Holman said that kids and teens are attracted to the groups because they see hacking as cool and fun. The malware builders provide an easy entry — they require no actual programming, just customisation of functions and appearance — into this activity and allow kids to prank people and make money. And the community aspect of a Discord server also provides a sense of camaraderie and community.

Once the teens have the malware-as-builder, they have to figure out how to deploy it, a task in which the community often assists. They might disguise the malware by creating a YouTube video to use as bait, which would explain cracks or tips for video games. The video would encourage viewers to click a link in the description — which would put the malware on the victim’s computer. To make the video seem legit, the members of the Discord group would add seemingly genuine comments of gratitude saying that the download link was safe. 

Once the attacker has the video set up, they post it in the Discord server and all of the other community members go to comment on it, providing social validation for potential victims. They even go so far as to “warn” victims that their antivirus might block it and give instructions on how to let the file slip through by allowing exceptions.

“We strongly caution against downloading cracked software and game cheats and especially against ignoring antivirus warnings and creating exceptions for such programs,” Holman said, adding that “if your AV program flags a ‘keygen’ or a cracked game as malware, chances are it really does contain malware. It is not the AV’s job to care about the legality of your software”.

When it comes to actual threats, the impact of this group is relatively low, found the researchers. “However, these activities by far aren’t harmless, they are criminal,” Holman said. “They can have significant personal and legal consequences, especially if children expose their own and their families’ identities online or if the purchased malware actually infects the kids’ computer, leaving their families vulnerable by letting them use the affected device. Their data, including online accounts and bank details, can be leaked to cybercriminals.”