A new exploit kit called Atrax uses the TOR protocol to keep its command-and-control (C&C) communications as stealthy as possible, researchers said. Routing C&C over TOR hides the real address of the controller and makes IP-based blocklists of C&C servers largely ineffective.
The main platform costs $250. Researchers from CSIS, who analyzed the threat, said Atrax is capable of launching distributed denial of service (DDoS) attacks, grabbing data from forms and web browsers, and mining Bitcoins and Litecoins.
The main component is fairly large, around 1.2MB; its authors attribute the size to the inclusion of both x86 and x64 code and the integrated TOR client. To make the infection process more efficient, the authors also offer a small (2KB) first-stage downloader written in assembly for free.
The main component lets customers kill bots, install plugins, download and execute files, and push updates. The download-and-execute commands can run either directly or through TOR, and downloaded files can also be executed directly in memory, leaving fewer traces on disk.
The rest of Atrax’s capabilities come through various add-ons and plugins.
The components are sold a la carte: the DDoS add-on costs $90, the form grabber $300, and the reverse SOCKS add-on $400.
The Bitcoin mining plugin is still experimental but can be bought for $140. The plugins can also communicate over TOR.
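Because both the main component and its plugins talk to their C&C over TOR, the practical detection hint for defenders is not the C&C address (which TOR hides) but the TOR traffic itself: a workstation that has no business running a TOR client contacting TOR relays. The following is an added example, not code from the article or from CSIS's analysis, that runs that check over connection logs. The log format, host names, IP addresses and the "known relay" set are all constructed for the demo; in a real deployment the relay set would be built from the TOR consensus and the logs would come from a firewall or NetFlow collector.

```python
"""Flag hosts whose outbound TCP connections look like TOR relay traffic.

Added example; the log format, hosts, addresses and relay list are constructed.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed: pretend these addresses appear in the current TOR consensus.
KNOWN_TOR_RELAYS = {"198.51.100.7", "198.51.100.23", "203.0.113.14"}

# TOR's default OR port (9001) and directory port (9030). Heuristic only:
# relays may listen on 443/80 and bridges use arbitrary ports, so a port
# match on its own is weak evidence and is only counted alongside others.
TOR_DEFAULT_PORTS = {9001, 9030}

# RFC 1918 ranges; relay contacts are by definition to public addresses.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log format: "<ts> <host> <src_ip> -> <dst_ip>:<dst_port> <proto>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<src>[\d.]+) -> "
    r"(?P<dst>[\d.]+):(?P<port>\d+) (?P<proto>\w+)$"
)

# Constructed sample: ws-17 repeatedly contacts relays, ws-22 only hits a
# default port once, ws-09 is UDP, and one line is garbage.
SAMPLE_LOGS = [
    "2013-08-13T10:01:02Z ws-17 10.0.0.17 -> 198.51.100.7:9001 tcp",
    "2013-08-13T10:01:09Z ws-17 10.0.0.17 -> 203.0.113.14:443 tcp",
    "2013-08-13T10:02:44Z ws-17 10.0.0.17 -> 192.0.2.80:443 tcp",
    "2013-08-13T10:03:01Z ws-22 10.0.0.22 -> 192.0.2.55:9030 tcp",
    "2013-08-13T10:03:05Z ws-22 10.0.0.22 -> 10.0.0.5:445 tcp",
    "2013-08-13T10:04:20Z ws-09 10.0.0.9 -> 198.51.100.23:53 udp",
    "this line is not a connection record",
]


def parse_line(line):
    """Return a dict for a well-formed record, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    ipaddress.ip_address(rec["dst"])  # raises ValueError on a malformed address
    return rec


def classify(rec, relays=KNOWN_TOR_RELAYS):
    """List the reasons a single connection looks like TOR traffic."""
    reasons = []
    if rec["dst"] in relays:
        reasons.append("dst is a known Tor relay")
    if rec["port"] in TOR_DEFAULT_PORTS:
        reasons.append(f"dst port {rec['port']} is a Tor default port")
    return reasons


def find_tor_talkers(lines, relays=KNOWN_TOR_RELAYS, min_hits=2):
    """Map host -> list of (dst, port, reasons) for hosts with repeated hits.

    A single relay contact can be noise (shared hosting, a scanner, a user
    visiting a site that happens to sit on a relay IP), so a host is only
    reported once it has at least `min_hits` suspicious connections.
    """
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proto"] != "tcp":
            continue
        dst = ipaddress.ip_address(rec["dst"])
        if any(dst in net for net in INTERNAL_NETS):
            continue
        reasons = classify(rec, relays)
        if reasons:
            hits[rec["host"]].append((rec["dst"], rec["port"], reasons))
    return {host: v for host, v in hits.items() if len(v) >= min_hits}


if __name__ == "__main__":
    for host, conns in find_tor_talkers(SAMPLE_LOGS).items():
        print(host)
        for dst, port, reasons in conns:
            print(f"  {dst}:{port}  {'; '.join(reasons)}")
```

Run against the sample, only `ws-17` is reported (two relay contacts); `ws-22` has a single default-port hit and stays below the threshold. The caveats matter: a bot can embed a TOR client that uses bridges or non-default ports, so a relay-IP match is the stronger signal and the port heuristic is supporting evidence only, and a denylist of relay addresses at the egress firewall is the corresponding preventive control.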
Additional technical details on Atrax are available on CSIS’s blog.