Every day, some hacker sets out to steal data or make money at other people's expense. A new hacker going by the name Pahan has decided to infect some of his fellow hackers with malware, perhaps for some personal gain.
Many hacking forums are currently available on the Internet, teaching visitors how to learn about hacking. In some cases visitors can also download hacking tools for further use. These are not places where you would expect to see the malware and exploits that might be employed by APTs (cyber espionage groups). These groups are hard to detect even with some of the most up-to-date antivirus engines.
These forums are the usual haunt of hackers who have nothing better to do than create pathetic malware that might be used against unsuspecting victims. Some of this malware and some of these forums might be under close surveillance by some security firms, mainly because they are reachable through Google and are therefore visible to everyone.
A report by Sophos, a security firm, indicated that one hacker has been spending as much time targeting hackers on other forums as he has spent targeting regular users. The report indicates that the hacker, who has been using various names such as Pahan, Pahan12, Pahann or Pahan123, managed to plant hacks inside the forums. He posted ads for various hacking tools on hacking forums, and Sophos discovered that all of the tools in question were already infected with malware.
Plausible explanations for the move are that he is trying to understand what other hackers are up to at the moment, or that he is trying to deploy a keylogger that could be used to steal their data and passwords and to hijack their botnets and control panels.
Sophos described three cases in which the hacker tried to inject malware into a forum. The first case dates back to when Pahan was offering a free download of the Aegis Crypter, a tool used to hide and obfuscate malware data from scanners and antivirus software. The tool was reportedly injected with the RxBot Trojan.
Another incident was recorded back in March, when the hacker, now using the new name Pahann, offered a version of the KeyBase keylogger that was infecting buyers with the COM Surrogate malware. There was also the RxBot Trojan installed on the botnet. The last incident is considered to have taken place in July 2016, and it happened on LeakForums.
The number of hackers infected through Pahan's antics is currently unknown.