The Sicilian Mafia. The Scarpa Crew. Young Boys, Inc. The Sinaloa Cartel. Organized crime groups tend to have names describing their original location or important members; they rarely choose names that describe what they are doing, so as not to attract the wrong kind of attention.

The same can’t be said for Evil Corp. Their on-the-nose name serves almost as a mission statement, explaining exactly what the group’s members are striving to achieve in the world. Stated plainly, Evil Corp is a cybercrime group bent on attacking and infecting as many devices as they can — and they haven’t been stopped yet. Read on to learn more about this vicious cybercrime syndicate and how you can stay safe from their bad works.

Evil Corp’s Beginnings

As with many extant criminal organizations, the origins of Evil Corp aren’t easy to discern. The earliest evidence we have of Evil Corp is the machinations of its leader, a Russian man named Maksim V. Yakubets, who is better known by his nicknames, Aqua and Aquamo. In 2008, a reporter for the Washington Post intercepted daily online chats between Aqua and some of his “employees,” which spoke of hundreds of thousands of dollars stolen weekly from hacked businesses.

A deeper dive into the goings-on revealed organized cybercrime activities, with Aqua in charge of developing and deploying banking malware and a legion of other workers involved in a large-scale money laundering effort. Aqua relied primarily on two malware variants: Jabberzeus and Dridex.

Both Dridex and Jabberzeus (also written Jabber Zeus) are evolutions of an old and prolific Trojan called Zeus. Initially, Zeus was built to log keystrokes and steal bank login credentials, but it developed into the largest and most widespread botnet in history, known for high-profile attacks on major institutions like the Bank of America, NASA, Cisco, Amazon and the U.S. Department of Transportation. Added on later, Jabber is an instant messaging plug-in that allows attackers to communicate and coordinate. In the case of Dridex, malware developers gave Zeus the ability to infect systems through macros in Microsoft Office programs. Fortunately, max security antivirus software is enough to keep users’ devices safe from both of these malware families.

Once the malware successfully acquired banking credentials, Evil Corp could empty a victim’s accounts — but it needed somewhere to move the money that wouldn’t get the ringleaders caught. Using recruitment websites, workers at Evil Corp would amass a list of so-called money mules and systematically test them for reliability, keeping around only those mules who demonstrated the ability to complete tasks swiftly. Then, when Evil Corp successfully pilfered funds, they would channel them into the mule’s own bank account and direct the mule to withdraw the sum in cash and wire that amount to three individuals in Eastern Europe.

The flaw in Evil Corp’s plan came in the form of its own website’s insecurity. Anyone could register to be a money mule, and anyone could see any message Aqua and his cronies sent to any mule. Thus, it didn’t take long for security professionals to warn businesses of ongoing cyberattacks and thwart some of Evil Corp’s illegal activities. Even so, many personal users and businesses reluctant to trust warnings about their banking security lost significant sums to Evil Corp — and they continue to do so.

Evil Corp Goes On

In December 2019, the United States finally took a stand against Evil Corp when U.S. prosecutors charged two of its leaders, Aqua and his co-conspirator Igor Turashev, with banking fraud. There is evidence that Evil Corp is responsible for more than $100 million stolen from U.S. citizens and corporations — and untold millions more from victims around the world. Alongside these charges, the U.S. entered Evil Corp onto its Specially Designated Nationals and Blocked Persons List. These sanctions are designed to draw attention to the group’s nefarious deeds and bring an end to one of the world’s most prolific cybercriminal organizations.

Even so, Evil Corp isn’t backing down. In January 2020, roughly a month after the charges were announced, Evil Corp appeared to be back in action with a new malware distribution technique that relies on HTML redirectors and macros in Microsoft Excel. This is a noteworthy tactic because it gives the group more flexibility: if one of their corrupted websites gets shut down, they can simply redirect their links to another phishing website that remains live. Plus, redirectors are slightly better at hiding from low-level antivirus scans, meaning they have a greater chance of successfully infecting a device.

Unfortunately, cybercrime pays well enough to sustain a large organization for more than a decade — but that won’t stop security experts from cracking down on Evil Corp and similar cybercrime syndicates. The more users arm themselves with knowledge about existing threats as well as digital defenses for their devices, the less success cybercriminals will see. Soon, Evil Corp and similar groups could be a thing of the past.

Tom Parillo

I am interested in all things technology, especially automation, robotics and tech that helps change how society will live in the future.