An emerging cybercriminal group from Europe, FusionCore, has attracted security researchers’ attention. The group has specialised in advertising its hacking services as Malware-as-a-Service (MaaS). Moreover, the group developed AnthraXXXLocker, its separate ransomware affiliate program.
The European hacking group gives its customers various new and custom malware strains like ApolloRAT, Cryptonic crypter, Golden Mine, SarinLocker ransomware, Strontium stealer, Typhon Reborn, RootFinder miner, and RootFinder stealer.
They coded most malware strains in C#, C++, and Go. In addition, the featured malware products could execute elusive and persistent cybercriminal campaigns. FusionCore has also relied on multiple open-source tools, such as NBMiner and Obfuscar, to provide sophisticated crypto-mining functions.
The FusionCore developer seized the opportunity to turn its product into Malware-as-a-Service.
According to the investigation, the FusionCore group became a Malware-as-a-Service operation during the first half of last year. The group’s transition materialised after its founder, Hydra, observed a surge of demand for their infostealer across the cybercriminal landscape.
The threat actors had several Telegram channels to offer the malware to their customers. However, they organised a single portal in the last months of 2022 to create a one-stop shop to sell their malware.
Researchers claimed that the threat actors originated in and have remained within European countries. The latest targets of this malicious entity are an information security company in Asia and the Lindesberg Municipality in Sweden.
Currently, NecroSys, one of the primary associates of the FusionCore group, sells the SarinLocker ransomware for about $20 as a monthly subscription.
The ransomware emerged in November last year and contained several capabilities, like wiping the decryption key from an infected device’s memory. Furthermore, the ransomware used a Telegram channel to send the target’s data to its operators.
The FusionCore group plans to improve its cybercrime tools further as it continues gaining traction among cybercriminal groups. Hence, experts believe the group could generate more malware strains and info stealers. Lastly, other malicious gangs could join the FusionCore group as its affiliates.