A popular new hacking tool recently introduced on an underground forum allows potential adversaries to scan many targets simultaneously for SQL injection vulnerabilities, while controlling the tool from a smartphone through the Telegram messaging application.
Recorded Future's Insikt Group threat intelligence division has uncovered the tool, identified as the Katyusha Scanner. The moniker, which references a World War II-era Soviet rocket launcher, seems appropriate, and not just because the individual who's been marketing the tool on the forum since April 8 is Russian-speaking.
"Similar to the very lethal weapon conceived 70 years ago, Katyusha Scanner allows criminals to initiate large-scale penetration attacks against a massive number of targeted websites with several clicks using their smartphones," Recorded Future wrote in a blog post on Tuesday.
Controllable via a standard web interface in addition to Telegram, the tool also borrows functionality from Anarchi Scanner, an open-source penetration testing tool, the Insikt Group notes, adding that users have lavished praise on the tool for its apparently superior interface, performance and customer service.
Currently on version 0.8, Katyusha is being sold for $500, with a light version available since May 10 at half that price. Users can also rent the tool for $200. The pro version not only identifies vulnerable websites but is also capable of "establishing a strong foothold within vulnerable web servers" and automatically extracting privileged information such as login credentials, the blog post states. The tool also shows users each vulnerable target's Alexa traffic ranking, helping them single out sites that are more popular and thus likely more profitable to victimize with SQL injection attacks.
"The availability of a highly robust and inexpensive tool such as Katyusha Scanner to online criminals with limited technical skills will only intensify the compromised data problem experienced by various businesses, highlighting the importance of regular infrastructure security audits," Recorded Future wrote.