There’s a never-ending game of cat and mouse between cybercriminals and the companies that develop anti-malware software. For three U.S.-based providers, it could get a lot more challenging. A group of elite Russian hackers claims to have infiltrated their networks and stolen the source code for their software.
Researchers with Advanced Intelligence (AdvIntel) have been tracking the activity of the group on underground forums for some time. The hackers, who operate under the handle Fxmsp, have an established reputation for infiltrating well-protected networks. Their targets typically include highly-sensitive corporate and government information.
Two months ago AdvIntel saw Fxmsp reappear on hacking forums after a half-year hiatus. It’s probably no coincidence that the group reported that its campaign against security software firms had kicked off six months earlier.
Fxmsp laid low until it had achieved its goal. When its stealth operation concluded, the hackers allegedly made off with more than 30 terabytes of data from their latest victims. They posted screenshots showing folders, files, and source code.
The asking price for this trove of data: a cool $300,000. They also claimed to still have access to the networks and would throw that in at no extra charge to the lucky buyer.
If what they’re offering is the real deal, then this is pretty much a worst-case scenario for the three firms that were compromised. Access to the source code gives hackers the opportunity to locate showstopping vulnerabilities and exploit them, rendering the software useless… or worse. They could even turn what was once legitimate protection from malware into an incredibly effective spying tool.
Anti-malware apps require very deep hooks into an operating system. They need that access so that they can detect, prevent, and undo damage caused by malicious software. Anyone running the compromised software on their systems would be in grave danger.
But wait, there’s more! In addition to being highly skilled, Fxmsp has a reputation for making additional backdoor deals even when offering an “exclusive” as they claim this sale will be. It’s very possible that this incredibly sensitive code could end up in the hands of multiple criminal organizations.
As for the names of the three anti-malware software companies that were compromised, that’s still a mystery. Unless someone in the cybersecurity business decides to shell out $300k to find out what’s hiding in the 30TB of files, we may not find out until it’s far too late.