Researchers at CSIS have been documenting the emergence of a new cybercrime toolkit that boasts the ability to let users launch distributed denial of service (DDoS) attacks, perform data exfiltration and engage in Bitcoin mining on several popular browsers.
“We’re looking for active samples for this kit to fully get an understanding about its capabilities, however obviously – we are looking at a new crimeware kit with a lot of different functions and plugins,” wrote CSIS’ Jonas Monsted.
The toolkit called Atrax, which utilizes the Tor network for communications, is being offered on the black market for as little as $250 with basic functionalities, but also offers several addons and plugins to enable other features for additional fees, including:
- Addon DDOS: $90
- Addon Form Grabber: $300
- Addon Reverse Socks: $400
- Plugin Stealer: $110
- Plugin Coin Mining: $140
“The kit is designed to both be stealthy using TOR to communicate with C&Cs but also to be abused to conduct DDoS attacks and systematically stealing data from infected hosts,” Monsted said. “As plenty of these commercialized kits Atrax comes with free updates, support and bug fixes. Interestingly, payments can only be done using Bitcoins.”
CSIS published information on the Atrax toolkit the same day European Bitcoin payment processor BIPS said it was the victim of a cyberattack that resulted in the theft of 1,295 Bitcoin worth an estimated $1 million. The company says it was the target of a Distributed Denial of Service (DDoS) attack in mid-November while the attackers also sought to gain access to users’ online wallets.