Malware service operators arrested; offered antivirus bypassing tools

Malware service operators arrested; offered antivirus bypassing tools

The malware encryption service run by a Romanian duo helped hackers embed malicious code in legit software to bypass antivirus tools.


In a press release, the European law enforcement agency Europol shared details of the arrest of a pair of malware encryption services operators based in Craiova and Bucharest, Romania.


The pair ran online malware encryption services, aka crypting services dubbed CyberSeal and Dataprotector. These services were offered to cybercriminals to encrypt the computer code in malware, including information stealers, Remote Access Trojans, and ransomware, to help cyber criminals launch attacks successfully.


See: 13-year-old student arrested for hacking school computers


The pair also offered the Cyberscan service through which their cybercriminal clients could test their malware against antivirus (AV) programs. Malware authors used these services to wrap their payloads in encryption shells to bypass most of the AV tools.

According to Europol, over 1,560 cybercriminals purchased these services for creating different types of malware, and in total, they managed to improve 3,000 malware strains. These strains were later used to launch cyberattacks around the globe. Hence, the duo was a key player in many successful malware attacks.


In exchange for their services, the Romanian operators received significant amounts of money. For testing samples against AV scanners, the operators demanded $7 to $40, and for the actual crypting services, they asked for $40 to $300.



Cyber-Seal (left) – Cyber Scan (right) Both websites are now offline (Im ..