Security Threat Researchers Uncover “Dropper-as-a-Service Platforms”


Lucky for cyber criminals, but not so lucky for enterprise security pros: There’s a quick and easy way to get started in cybercrime known as dropper-as-a-service (DaaS).

Sophos researchers recently uncovered evidence of a malware campaign that uses a network of websites acting as a “dropper as a service” to distribute malware. The payloads include an assortment of click-fraud bots, information stealers, and even ransomware, and a single dropper often bundles several unrelated malware families together.

Sophos Senior Threat Researcher Sean Gallagher says his team found the offerings on a group of blogs, mostly hosted on WordPress, that were maintained by a criminal group and used to post links to malware downloads.

“It is a network of websites that were connected together; a criminal advertising network that works through search engine optimization,” says Gallagher. “When people go into Google and search ‘cracked software’ they see advertisements that the products are available and that they can obtain tools that will allow them to get a valid license key to download the software package. But instead these sites are delivering packages of software that is actually malware.”

In this instance, users seeking pirated software are the perfect target for the scam.

“It’s one more way in which criminals can get access,” he says. “These sites were advertised through underground bulletin boards to prospective cyber criminals. For low overhead you can get these tools and it requires little technical skill to run them.”

In a world where remote work is the new normal, and more people are sharing work and personal devices, these types of malware campaigns pose a serious but little-known risk to businesses.

“It’s cyber street crime. It’s not just a threat to people trying to download pirated software now. It is part of the larger background radiation of cybercrime on the Internet,” he notes.

The good news? Almost all of these malware droppers are easily detectable, and all of them were caught by either signature-based or behavior-based security products.

But awareness is still essential in protecting systems, he notes. Gallagher offers this advice for thwarting potential threats:

  • Review security software, settings and policies to ensure that you can detect and block malicious and unwanted downloads – this includes having a robust approach to web filtering
  • Ensure that your endpoint protection is up to date, and that it has behavioral detection capabilities on all of the devices that employees use to remotely access work-related services
  • Educate end users on the dangers of downloading pirated software
  • Encourage employees to practice good cyber hygiene, such as using unique passwords, updating software regularly, and implementing MFA
  • Have users separate company machines from personal use
  • Use a multilayer security strategy to detect and remediate malware

Sophos also advises consumers to install a security solution, such as Sophos Home, on the devices that they and their families use for online communications and gaming to protect everyone from malware and cyberthreats.

Learn how you can detect these kinds of malware droppers on your systems at


Copyright © 2021 IDG Communications, Inc.