October 16, 2024
Cybersecurity might as well have its own language. Cybersecurity professionals and threat actors alike use so many acronyms, terms, and sayings that, unless you are deeply knowledgeable, have experience in the security field, or have a keen interest, you may not know them. Understanding what these acronyms and terms mean is the first step to developing a thorough understanding of cybersecurity and, in turn, better protecting yourself, clients, and employees.
In this blog series, we aim to explain and simplify some of the most commonly used terms. Previously, we have covered bulletproof hosting, CVEs, APIs, and brute force attacks. In this edition, let’s dive into Drainer as a Service.
Drainers as a Service (DaaS) is a disturbing evolution that makes sophisticated financial fraud accessible to even low-skill criminals. In this blog, we’ll explore what DaaS is, how it works, and why it’s becoming a growing concern in the cybersecurity world.
Drainer as a Service 101
A drainer refers to a malicious tool designed to drain cryptocurrency or traditional financial assets from a compromised account, wallet, or online platform. These tools target everything from crypto wallets to bank accounts and e-commerce platforms, allowing attackers to steal funds quickly and anonymously.
Drainers simplify the process for cyber criminals, so an attacker need not be sophisticated to be able to use them. This makes this type of fraud much more accessible, and makes it easier for individuals on the dark web with very few skills to conduct these types of attacks.
Drainers can operate in a number of different ways. They can be deployed as part of a phishing kit, which steals users’ credentials to access their accounts, as well as malware, which can be deployed to track and collect information about a user’s financial transactions. Depending on the drainer, they can also automatically “drain” the funds from a victim’s account, sending them to an account/wallet designated by the threat actor.
Because drainers are automated, criminals can target large numbers of victims at once. This makes this type of fraud highly profitable.
However, there are also threat actors and groups offering the use of drainers as a service, meaning they sell the tools for others to use. This allows others to purchase drainers on demand on the dark web. The tools are often accompanied by support for any issues, as well as tutorials on how to use them. In this way, cyber criminals have commoditized drainers, selling them much like a legitimate company would sell software.
Providing drainers as a service means that the providers are able to profit from this type of activity without directly participating in financial fraud. However, this doesn’t make it any less illegal.

Figure 1: Source: DarkOwl Vision
Criminals will advertise their drainer on dark web forums and Telegram and offer subscriptions to the service. A subscription gives the buyer access to the tools, the updates that are made, and support.

Figure 2: Subscription for drainer advertised on carding forum
It is also possible to purchase the tool directly. However, criminals prefer to offer this as a service or an affiliate program, as this means that they can charge a commission on the funds that are stolen by the buyer or affiliate.

Figure 3: Drainer for sale with commission
Often, drainer tools will only work with certain cryptocurrencies or wallet types, which can restrict how they can be used, although some providers will offer customization as part of their service so the buyer can use it as they wish.

Figure 4: Advertisement for Drainer which only works with certain wallets; Source: DarkOwl Vision
Most drainers target cryptocurrency, as it is commonly used on the dark web and the transactions are always digital in nature. However, drainers designed to target traditional bank accounts are also traded on the dark web.

Figure 5: Chat with users asking about bank drainers; Source: DarkOwl
The rise of DaaS poses a significant threat to both individuals and organizations. As these tools become more widespread, even unsophisticated attackers can cause substantial financial damage. Cryptocurrency holders, in particular, are at risk, as crypto wallets are often less regulated and less secure than traditional banking systems.
As these services become more prevalent, it is crucial for individuals and organizations to stay vigilant, adopt best security practices, and remain informed about the latest threats.
The post What are Drainers as a Service? appeared first on DarkOwl, LLC.