Brit confesses offering crypter service to circumvent antivirus
A British man confessed to offering a service that allowed malware creators to test whether their malicious software was detected by antivirus products. In addition, he offered a crypter service to make detection by antivirus more difficult.
According to the UK’s National Crime Agency, a 24-year-old man was behind the reFud.me, Cryptex Reborn and Cryptex Lite services, the first of which involved testing malware samples. He touted that service on the Hack Forums site as a free scanner and asked for a subscription fee for the other services.
That would have earned him at least £32,000, according to 800 PayPal transactions between 2011 and 2015. His earnings may be many times greater, as he also accepted payment in bitcoins and Amazon vouchers, the NCA said. The sentencing has yet to take place. The man, who used the pseudonym KillaMuvz, offered support via a Skype account.
The investigation into the malware was conducted in conjunction with Japanese security firm Trend Micro, which announced an arrest in 2015. At the time, the company wrote that the reFud service had been offered since February of that year. It let malware authors scan their creations with thirty to forty antivirus products to test whether they were detected. The advertised benefit was that the samples were not shared with the antivirus companies, as would be the case with similar services.
The Cryptex service has been around since 2011, according to the company, but there were several variants. The Cryptex-Reborn variant, which was made by the Briton, emerged in 2014. The Lite variant has been around for some time, at least since the end of 2011. The purpose of the services is to adapt malware so that detection by antivirus products is hampered. Europol also launched a campaign against customers of such crypter services last year.