Cybercrime as-a-service , Fraud Management & Cybercrime , Malware as-a-Service

Researchers Uncover New European Malware-as-a-Service Group

Cyfirma Says FusionCore Is a One-Stop Shop for Hacking Services
Researchers Uncover New European Malware-as-a-Service Group
Ruins of the Temple of Olympian Zeus in Athens (Image: Shutterstock)

A crew of English-speaking European teenagers with a variety of skills and knowledge of Greek and Roman mythology are likely behind an up-and-coming cybercrime group called FusionCore.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

Active since November, FusionCore is a "one-stop shop" for threats actors, offering services such as malware-as-a-subscription, hacking for hire and ransomware, says security firm Cyfirma, which uncovered the group's activities.

The group also created a separate ransomware affiliate program called AnthraXXXLocker.

FusionCore evolved into a malware-as-a-service group in the second half of 2022 after its founder, who goes by the handle "Hydra," saw an influx of demand for the info stealer malware he or she developed, Cyfirma says.

The handle comes from the Greek name for the nine-headed water serpent found in the swamps of Lerna, eventually killed by Heracles as one of his 12 tasks. Up until its unfortunate encounter with a demigod, the Lernaean Hydra survived decapitation attempts by regenerating its severed heads.

Hydra the hacker brought together other developers to create custom malware variants, while continuing to hire more members through recruitment advertisements posted in a Telegram channel. "The members of FusionCore are young (possibly in their late teens), yet ambitious malware developers who have a wide variety of skills," Cyfirma says.

The custom malware offered by the group includes Typhon Reborn - named after another mythological Greek serpentine creature - a remote access Trojan tool called ApolloRAT, an evasion tool called Cryptonic and new ransomware variant called SarinLocker.

The group also heavily relies on open-source tools such as Obfuscar and NBMiner to offer enhanced evasion and cryptocurrency mining capabilities.

Hydra in March shared a screenshot of the Typhon Reborn dashboard, "set to display Sweden time by default."

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.