Definition
Malware as a service (MaaS) is a model in which cybercriminals offer malicious software, tools, or services for rent or sale.
It enables users with limited technical expertise to conduct cyberattacks such as phishing, ransomware, and distributed denial of service (DDoS) attacks.
Malware as a Service Real-life Examples
- ZeuS/ZBOT was designed to steal sensitive data, especially banking information. Cybercriminals could buy or rent the Zeus source code and use it to spread customized versions of the malware.
- Blackhole Exploit Kit enables cybercriminals to execute drive-by download attacks, distributing banking Trojans or ransomware.
- SpyEye was a malware-as-a-service platform that enabled cybercriminals to steal banking credentials and execute financial fraud.
- Andromeda/Gamarue was a botnet-as-a-service platform used to spread malware, perform spam campaigns, and launch DDoS attacks.
- Cerber Ransomware offered cybercriminals an easy-to-use interface to distribute customized versions of the ransomware. Its creators could take a percentage of the ransom paid by the victims as payment for the service.