Data Security, Threat Intelligence, Malware, Identity

DarkCloud infostealer lowers cybercrime barrier with $30 price tag

The dark web is seeing an influx of low-cost malware tools, enabling individuals with limited technical skills to harvest credentials. Security researchers at Flashpoint have analyzed DarkCloud, an infostealer available for approximately $30, which has been circulating on Telegram and public storefronts since 2022. This tool quietly harvests sensitive data, including browser logins, cookies, financial information, and contact details from email applications, as reported by Tech Radar.

DarkCloud, advertised as surveillance software, focuses on extracting credentials and sensitive data from infected machines. Its use of legacy Visual Basic 6.0 code and older runtime components allows it to evade modern detection tools that often overlook these outdated frameworks. The malware employs multiple layers of string encryption and obfuscation, complicating analysis. It targets a wide range of software, including web browsers, email clients, and communication tools, storing collected data locally before transmitting it via email, FTP, Telegram, or HTTP uploads. This credential harvesting serves as a common entry point for attacks into corporate networks.

The proliferation of inexpensive infostealers like DarkCloud signifies a shift in cybercrime, where low entry costs, rather than technical sophistication, are increasingly driving early-stage network compromises. Compromised credentials can lead to ransomware attacks, phishing operations, or persistent access. Effective defense relies on layered security controls, including robust endpoint protection, properly configured firewalls, credential monitoring, and incident response procedures, because basic security measures may struggle to spot data leaving over legitimate protocols such as email, FTP, or ordinary HTTP uploads.
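The two paragraphs above name the exfiltration channels DarkCloud uses (email, FTP, Telegram, HTTP uploads) and note that traffic over legitimate protocols is easy to miss. The following is an added example, not code from Flashpoint, Tech Radar, or the malware authors: a small detection pass over constructed egress log lines that flags those channels when an unexpected process uses them. The log format, the process allow-lists, the destination hosts (documentation IP ranges and an `.invalid` hostname, not real indicators), and the 256 KiB upload threshold are all assumptions to be tuned for a real fleet.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample egress records in an assumed format (not real telemetry):
# <timestamp> <host> <process> <dst_host> <dst_port> <method> <bytes_out>
SAMPLE_LOG = """\
2024-05-01T10:01:02Z ws-17 outlook.exe smtp.corp.example 587 SMTP 18240
2024-05-01T10:01:09Z ws-17 chrome.exe www.example.org 443 GET 512
2024-05-01T10:02:33Z ws-17 svchost32.exe mail.relay-placeholder.invalid 587 SMTP 91233
2024-05-01T10:03:01Z ws-22 winscp.exe files.corp.example 21 FTP 402112
2024-05-01T10:03:40Z ws-22 notepad.exe 203.0.113.5 21 FTP 388021
2024-05-01T10:04:05Z ws-31 telegram.exe api.telegram.org 443 POST 2210
2024-05-01T10:04:12Z ws-31 updater.exe api.telegram.org 443 POST 77419
2024-05-01T10:05:00Z ws-31 chrome.exe api.telegram.org 443 POST 1400
2024-05-01T10:06:00Z ws-40 firefox.exe cdn.example.net 443 POST 120000
2024-05-01T10:06:30Z ws-40 rundll.exe 198.51.100.9 80 POST 540000
this line is malformed and should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+) (?P<dst>\S+) "
    r"(?P<port>\d+) (?P<method>\S+) (?P<bytes>\d+)$"
)

# Assumed allow-lists: which processes are expected to speak each protocol in
# this environment. Illustrative only; tune to what your fleet actually runs.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}
EXPECTED = {
    "smtp": {"outlook.exe", "thunderbird.exe"},
    "ftp": {"winscp.exe", "filezilla.exe"},
    "telegram": {"telegram.exe"} | BROWSERS,  # web client runs in a browser
}
SMTP_PORTS = {25, 465, 587}
FTP_PORTS = {21}
TELEGRAM_HOSTS = {"api.telegram.org"}
UPLOAD_THRESHOLD = 256 * 1024  # single POST this large from a non-browser is flagged


@dataclass(frozen=True)
class Event:
    ts: str
    host: str
    proc: str
    dst: str
    port: int
    method: str
    bytes_out: int


@dataclass(frozen=True)
class Finding:
    host: str
    proc: str
    dst: str
    channel: str


def parse_log(text: str) -> list[Event]:
    """Parse the assumed log format, skipping lines that do not match it."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append(Event(m["ts"], m["host"], m["proc"].lower(), m["dst"].lower(),
                            int(m["port"]), m["method"].upper(), int(m["bytes"])))
    return events


def classify(ev: Event) -> Optional[str]:
    """Return the suspicious exfiltration channel for an event, or None.

    Rules are checked in order so each event yields at most one finding."""
    if ev.port in SMTP_PORTS and ev.proc not in EXPECTED["smtp"]:
        return "smtp"
    if ev.port in FTP_PORTS and ev.proc not in EXPECTED["ftp"]:
        return "ftp"
    if ev.dst in TELEGRAM_HOSTS and ev.proc not in EXPECTED["telegram"]:
        return "telegram"
    if ev.method == "POST" and ev.bytes_out >= UPLOAD_THRESHOLD and ev.proc not in BROWSERS:
        return "http_upload"
    return None


def find_exfil(text: str) -> list[Finding]:
    """Run the rules over a log and return one Finding per flagged event."""
    return [Finding(e.host, e.proc, e.dst, ch)
            for e in parse_log(text) if (ch := classify(e)) is not None]


def hosts_by_finding_count(findings: list[Finding]) -> dict[str, int]:
    """Aggregate findings per host so the noisiest endpoints surface first."""
    return dict(Counter(f.host for f in findings))


if __name__ == "__main__":
    for f in find_exfil(SAMPLE_LOG):
        print(f"{f.host:6} {f.proc:14} -> {f.dst:36} [{f.channel}]")
```

The rules deliberately key on process identity rather than destination reputation: the channels themselves are legitimate, so a mail client on port 587 is normal while an unfamiliar binary on the same port is not. The same allow-list approach extends to any protocol the stealer could abuse; the list of expected processes is the part that needs per-environment maintenance.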

Source: Tech Radar
