The developers of Citadel, a new variant of the infamous Zeus Trojan, have adopted Software-as-a-Service (SaaS) and open-source models, allowing them to create malware with advanced features.
According to a report on Seculert blog, the team of developers went as far as creating a dedicated social network, which enables other cybercriminals to suggest new features and modules to the malware, report bugs and other errors in the system and even comment and discuss related issues with fellow “customers”.
Since Zeus source-code went public in 2011, the Citadel community became very active, and started contributing new modules and features to the malware.
Each successive version has added new modules and features, some of which were submitted by the Citadel customers themselves, including improved encryption, better tracker avoidance, and trigger-based video recording.
One of the most worrying features is a security vendor blacklist, which means that, once infected, the computer will be unable to download anti-virus software or updates.
Similar to legitimate software companies, the Citadel authors provide their customers with a user manual, release notes and a licence agreement.
In an online posting, discovered by security blogger Brian Krebs, Citadel’s developers claimed: “It’s no secret that the products in our field — without support from the developers — result in a piece of junk on your hard drive. Therefore, the product should be improved according to the wishes of our customers.”
Several experts agree that the open-source model may be the next growing trend in cybercrime. If this turns out to be true, IT sector might have to deal with cutting-edge, constantly evolving malware, designed by hundreds of people. And that is not a great prospect.
Google parent Alphabet sees market capitalisation surge over $2tn on plan to over first-ever cash…
Google asks Virginia federal court to dismiss case brought by US Justice Department and eight…
Snapchat parent Snap reports user growth, revenues in spite of tough competition, in what may…
Intel shares sag after company shares gloomy revenue predictions, as data centre chip demand hit…
Germany's Tuta Mail says Google broke EU's new DMA rules with March algorithm update that…
US auto safety regulator opens new investigation into adequacy of Tesla Autopilot recall, saying it…