Cybersecurity experts explain the secret language of hackers

Cybersecurity experts often find secret messages from hackers in Trojans.

Kaspersky Lab expert Maria Garnaeva described how hackers communicate with the world and with each other using swear words, phrases, or quotes from world literature written into malware code.

As an example, she cited the Obsydian Gargoyle hacker group, which sends phishing emails about COVID-19 and builds phishing sites and simple malicious programs. These hackers inserted English phrases into their malicious macro code several times, for example a fragment of Shakespeare's Sonnet 116, an excerpt from The Brothers Karamazov, and Crime and Punishment by Fyodor Dostoevsky.

“Maybe it was done as a message to humanity, or just to laugh, or to bypass the simplest signature detection”, suggested Garnaeva.

Earlier, Group-IB specialists analyzed the malicious file “Contract.docx”, which the Silence group sent to banks in 2018 (the file exploited the CVE-2017-0262 vulnerability in MS Word). They found a script that included lyrics from Slipknot's song Snuff (You-sold-me-out-to-save-yourself).

“Before Silence, this malicious file was used by the APT28 (or Fancy Bear) group,” said Group-IB.

The Silence hacking group, having borrowed the document for their mailings, did not change this part of the script. Curiously, like most financially motivated groups of that time (Cobalt, MoneyTaker), the members of Silence were Russian-speaking.

Often, inside the code, IT specialists find words that virus writers use to communicate with virus detectors. This was the case with the Mydoom, Netsky and Bagle viruses, which were endlessly modified to communicate with each other.

The most common phrase in hacker code is “F*** you”. It is the phrase most often inserted into all kinds of code, and it appears both among APT groups and among the lowest-level virus writers.
