A nascent service called Dark Utilities has already attracted 3,000 users for its ability to provide command-and-control (C2) services with the goal of commandeering compromised systems.
“It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems,” Cisco Talos said in a report shared with The Hacker News.
Dark Utilities, which emerged in early 2022, is advertised as a “C2-as-a-Service” (C2aaS). It offers access to infrastructure hosted on the clearnet as well as the Tor network, along with associated payloads supporting Windows, Linux, and Python-based implementations, for a mere €9.99.
Authenticated users on the platform are presented with a dashboard that makes it possible to generate new payloads tailored to a specific operating system that can then be deployed and executed on victim hosts.
Additionally, users are provided an administrative panel to run commands on the machines under their control upon establishing an active C2 channel, effectively granting the attacker full access to the systems.