Crimeware

Сrimeware is a collective name for the tools that attackers use to commit cybercrime. Typically, the term refers to malicious software that cybercriminals create and deploy to generate income, steal sensitive data, or illegally disrupt target systems. In some cases, crimeware also refers to software that is not malicious per se, but is still made and used by cybercriminals (for example, phishing kits). Also classifiable as crimeware is hardware used for cyberattacks (for example, hardware keyloggers).

Types of crimeware

In terms of attackers’ objectives, crimeware includes the following:

  • Ransomware– malicious programs that encrypt data or block access to it, then demand payment for decryption or unblocking.
  • Stealers – malicious programs designed to steal account data.
  • Clippers – malicious programs that substitute clipboard contents (for example, a cryptowallet address copied by the user to make a money transfer) with an attacker-controlled address.
  • Banking Trojans – malicious programs designed to steal credentials for banking apps and payment systems, as well as payment data.
  • Remote access Trojans (RATs) – malicious versions of remote access tools that operate covertly and allow attackers to control a device without the victim’s knowledge.
  • Keyloggers – software or hardware tools that intercept and record computer keystrokes, allowing cybercriminals to steal personal information such as passwords, bank card details and PIN codes.
  • Rootkits – programs designed to seize control of a system or provide access to it with high-level privileges.
  • Miners – programs that mine cryptocurrency on a device without the owner’s knowledge.
  • DDoS bots – programs that combine infected devices into a botnet, allowing attackers to carry out DDoS attacks.
  • Other malware used for criminal purposes.

Sometimes, tools that help attackers automate cybercrime, but which are not installed on the victim’s device and are not considered malware, are also classified as crimeware. An example of such a tool is a phishing kit – a set of ready-made templates and scripts for creating fake websites that mimic legitimate ones. Attackers trick users into visiting such sites and giving up their credentials, financial information or money.

In terms of distribution mechanisms, crimeware can be divided into the same types as malware in general:

  • Trojans – malicious programs that masquerade as legitimate software, but perform malicious actions after installation.
  • Worms – malicious programs able to self-propagate from an infected device to other devices on the network.
  • Viruses – self-replicating malicious code capable of infecting other programs.

This classification does not apply to hardware that cannot be distributed electronically, or to tools such as phishing kits that are deployed on the attackers’ side.

Crimeware-as-a-service (CaaS)

By analogy with malware-as-a-service (MaaS), the term “crimeware-as-a-service” refers to the model under which crimeware developers sell tools on a subscription basis to less experienced cybercriminals.