
Syrian Hacker’s Darknet

By Harper Stewart

Sep 14, 2023

The cybercriminal, who goes by the nickname EVLF DEV, sells two different variants of the CraxsRAT malware. According to experts, the hacker has reportedly resided in Syria for 8 years. He has made roughly $75,000 so far by distributing trojans.

Cybersecurity firm Cyfirma also found that over the previous three years the attacker mostly operated under a malware-as-a-service (MaaS) model, in which malware is sold to customers as a service.

The RAT is the most harmful Trojan malware for the Android operating system. According to Cyfirma, EVLF DEV has already sold at least 100 lifetime licenses to use the program.

CraxsRAT provides high-level code obfuscation and can be tailored to a particular type of attack, including the ability to inject into WebView.

The CraxsRAT build tool also offers a quick-install option, which reduces the number of permissions needed in order to get around security measures. The purchaser can still enable additional permissions after installation. Another notable feature is the so-called “supermod,” which keeps the malware from being uninstalled from the device.

Cyfirma’s Breakthrough: Syrian Link to EVLF DEV’s Exploits

On infected devices, CraxsRAT has access to the file system, the user’s messages, and call history in addition to the ability to read and copy contacts.

Cyfirma’s research led to the discovery of EVLF DEV’s active Telegram channel, which has over 10,000 followers, as well as a cryptocurrency wallet that provided details on the channel’s financial activities. The company approached the wallet provider to have the funds temporarily frozen.

After the funds in the account were frozen, EVLF DEV started a discussion on a cryptocurrency forum, which gave researchers the opportunity to learn more about him, including his true identity, multiple aliases, IP address, and email.

“According to our analysis, we can conclude with a high degree of certainty that someone from Syria is in fact the person behind EVLF DEV’s operations,” Cyfirma officials stated.

 