mnemonic security podcast
The mnemonic security podcast is a place where IT Security professionals can go to obtain insight into what their peers are working with and thinking about.
Infostealers
In this new episode of the mnemonic security podcast, Robby Peralta is joined by Leonid Rozenberg, a cybersecurity expert and dark web researcher at Hudson Rock, to discuss infostealers. Rozenberg provides a brief history of infostealers, which began with Zeus in 2007, a malware initially designed to steal only banking information. Today, infostealers have evolved to capture all types of personal and sensitive data, including passwords, cookies, and cryptocurrency information. Infostealer malware can be bought on the dark web as a turnkey solution, or "mass malware as a service," for as little as $99 per month.
Rozenberg emphasises the importance of cybersecurity education and debunks common misconceptions about antivirus protection, complex passwords, and multi-factor authentication. He also highlights the ongoing threat of infostealers and their adaptability in bypassing security measures.
From our headquarters in Oslo, Norway, and on behalf of our host, Robby Peralta, welcome to the Mnemonic Security Podcast.
Speaker 2:Initial access brokers, malware as a service, trojans, spyware, credential theft, key loggers, botnets, command and control servers, the infamous dark net. What do all these charming things share in common? An intimate relationship with info stealers. The only things in the world to be truly saddened by the recall of Microsoft Recall. Chances are you know more about these little devils than you think, and I'm sure this episode will help you put it all together and perhaps convince you to change some of your bad digital habits. Oh and sorry for the audio quality in this one. I forgot to press some buttons.
Speaker 2:Leonid Rozenberg, welcome to the podcast. Thank you very much. It's a pleasure to be here. I was really hoping you were going to answer me when I sent you the mail. We're going to talk about something today that I've known about it, but I've never really understood how important it was and how big of a deal it is to cybersecurity. InfoStealers. That's correct. Before we hop into that, who are you and what do you have to do with InfoStealers?
Speaker 1:So my name is Leonid Rozenberg and I've been doing different types of intelligence roles for almost two decades already. Now I feel very old by saying that. So I started my way in the government sector. I had several other roles at a company called IntSights that was acquired by Rapid7. Later I moved to Check Point, where I led the dark web research vertical, and since the beginning of 2024, I joined Hudson Rock.
Speaker 2:I'm very happy to be on board. When did Hudson Rock start and what are you guys doing today?
Speaker 1:Hudson Rock. They started the company in 2020 and we basically pioneered the InfoStealer domain around five years ago, when it became a big issue. We're doing only the InfoStealer-related intelligence and during the last five years we managed to obtain the data from over 30 millions of infected computers.
Speaker 2:Oh, wow, that's a lot, a lot of clicking.
Speaker 1:That's a lot, and we add every month around a half million more, unfortunately, wow.
Speaker 2:Yeah, all right. Big question what is an InfoStealer in 2024?
Speaker 1:All right. So, ed, what does the name of the InfoStealer suggest? This is the malicious software that knows how to steal sensitive information for your computer, right At the beginning of the globe, precise number one. Knows how to steal all the passwords stored inside your browser and also the autofills stored inside your browser. Then it knows also how to steal the cookies on your machine and then a little bit depends on the malware family, on the InfoStealer malware family. It knows how to target your cryptocurrency, target your gaming account and et cetera, et cetera, et cetera.
Speaker 1:I said about malware families. Yeah, there's around today around more than 20 active InfoStealer families and each one of them has a different fancy names. For example, RedLine, Raccoon, Vidar, Meta, StealC, Rhadamanthys, Atomic, X-Files, LummaC2. And I can continue the list more and more and more. What is interesting here is that the InfoStealer in 2024 is completely different from the InfoStealer that was in 2007. So if it's interesting, we can do a little bit of a quick history lesson about how this malware evolved. We all love history. Go for it. Yeah, what is interesting is, unfortunately, there is no InfoStealer history lessons in academic degrees, so we'll do it here.
Speaker 1:So everything begins around 2007, when the cybersecurity community saw the first known InfoStealer malware called Zeus. And back in the days, Zeus was targeting only banking credentials. Okay, this was the purpose of this malware to steal login credentials to your bank account. Go for the money. Yes, yes, yes, yes. Later, one year later, around 2008, the threat intelligence community saw another type of the InfoStealer called Koobface, and it was targeting the Facebook accounts, right? Face, Facebook accounts. And it was again the same pattern. Every InfoStealer malware was targeting something else. Until, at some point, the threat actors, the bad guys, said if we already managed to get to this situation that somebody clicks and executes our malware, why we need to steal something one that we can steal everything on this computer? And this is what happened to this model around 2016 until today. That evolved that, instead of stealing something one, it basically takes everything that it could from your device. Passwords, cookies, sensitive files, tokens, database, whatever. So this is what happened to the InfoStealers from 2007 to 2004.
Speaker 2:Interesting. So, zeus, obviously you said banking right, so that was just going after a credential so it can get in and send themselves money. That kind of makes sense. What were they trying to get out of the Facebook thing?
Speaker 1:Number one you can simply take over this account and then reach out to the owner and say I had hijacked your account. Pay me X money and I will get your credentials back right Some kind of let's call it small ransomware, yeah, or extortion or something else. You can hijack this account and, instead of demanding a ransom, you can simply use this account to spread malware to other people on the Facebook right, and this is usually how the threat actors monetize not only the Facebook accounts, but all the different social media accounts.
Speaker 2:I was just helping my friend trying to recover his Instagram account, because that's exactly what happened. But basically it sounds like info stealers have just evolved based on threat actors. Rolling with the times, of what the threat actors want to do, I guess Exactly because the threat actors understood that the people today.
Speaker 1:They use the convenience of the option to save the passwords inside the browser and, if we understand them, it's very convenient. When you have your Facebook account, banking credentials, your corporate credentials, everything stored in one place. You don't need to type anything to log in, just click and you're in. So the bad guys understood if I'll take all the data from the browser, all the social media accounts and all the new corporate credentials and remote accesses, I can later can monetize this data in a different way. I can resell this to, for example, if I have another threat actors group of threat actors that are interested in monetizing remote accesses to the processor, I can find them and sell them, and you know. So this is how it goes. They said I want to get as much data as they can and later we will find a way how to monetize it.
Speaker 2:Right, yeah, so I mean most of the stuff you're describing in our history lesson, right, that's like B to C. So what is this have to do with enterprises? What's the connection there?
Speaker 1:Yeah, that's correct. So it's important to understand that InfoStealers, they don't pick, I mean the threat actors. They spread those InfoStealers. They don't pick who they want to infect. Yeah, and during this malware spreading campaign, they infect also the private people and also the companies. It can be as high level employee as you can imagine and also the basic, like the really, really, you know, the entry level position and then they can click on this malicious link or execute this malicious file that is merged with the InfoStealer and basically all the corporate credentials that are stored inside a browser are compromised and sent to the threat actor. So this is where Hudson Rock enters the market and we alert those businesses about their compromised credentials as part of the InfoStealer infection.
Speaker 2:Interesting. So they're just kind of the threat actors have a huge problem. They're just drowning in data, right, or how do they deal with that?
Speaker 1:Oh, it's very interesting how actually they do that. So imagine yourself that you are on the vegetables market. So when you're going to buy potatoes or cucumbers or strawberries, you're not saying I am willing to buy five potatoes or three strawberries. You're just going to say give me five kilos of those potatoes. Yeah, and this is exactly what happens to the threat actors. They take the data from those infections. They even don't care how much the data there is, they just know what they're targeting. All right. So they say I don't care. Like, give me those 10 gigabytes of the info stealing data. I know that I'm looking for those VPN accesses to the big companies. I'm looking for those RDP connections. I'm looking for those credentials of the CEOs of the companies. Give me as much data as you can and I'll know how to find exactly what I'm looking inside those gigabytes of data of the stealers.
Speaker 1:By the way, at Hudson Rock, we call them Category 1 threat actors and Category two threat actors. So category one, those are the bad guys that they only care about spreading the malware. So what they do? They want to take the info stealer, for example RedLine or LummaC2, send it to as much people as they can, then hopefully wait. The software will execute this malware, collect these 5, 10, 20 gigabytes of data. They even don't take a look. What is there inside it? They don't care about it. And then they go to the category two threat actors and say I have this amount of data, take it and do it from here. What do you want? Deploy ransomware, corroborate the spillage account the takeover business, single compromise. And the lease here is the every minute long.
Speaker 2:Weird right. So I would assume, like the category one, that's an initial access broker per definition.
Speaker 1:Then no, no, no, no. Initial access brokers. That actually the category two. Yeah, yeah, okay, those are the guys that take this huge amount of data and, for example, they know how to work with some kind of VPNs and remote accesses and they dig inside this data, they find what they're looking for and then go and resell this on the dark web forums or pass this to the ransomware group operators. So, those initial access brokers, you can consider them as category two.
Speaker 2:I always thought initial access brokers were step one in the process, but there's a pre-initial access. Interesting. Just before I move on there, the difference between InfoStealers and their data and Have I Been Pwned? What's that?
Speaker 1:This is completely different to use cases and I want everybody here to understand that. Have I Been Pwned is a great site that is run by Troy Hunt that is doing a great job, but he collects the data that's coming from the third-party data breaches. And what is the third-party data breach? Basically, when I'm giving my email and password and maybe some another linked data to a third-party company, for example a food delivery app, then they have a breach and then only this data that is associated only with this company is leaked. All right. So today, in 2024, 99% of the passwords are stored in the hashed, in the encrypted version in those databases. So it adds a little bit more friction to the threat actor how they can monetize this kind of information.
Speaker 1:But InfoStealers, this is a completely different animal. So, number one, all the passwords in the InfoStealer infection will be always, always, always in clear text version. All right. So there's no such thing as a hashed or encrypted passwords in the InfoStealer. It means that the threat actor will see your password as is, exactly as you see.
Speaker 1:Then the InfoStealer will know how to steal also the cookies. It means that if I have a valid cookie session, I can simply hijack this session, and if there is a two-factor authentication, it will help me to bypass this multi-factor authentication because I have the valid cookie, the valid session and everything is valid. So much, much easier to the threat actors to log into those more protected accounts and later InfoStealer steals the data from you, not from somebody else, not from some kind of third party company, and it means it will not take some one password or one login credentials. It will take everything that you store inside the browser. Okay, it means that there's autofills and, as you know, in the autofills people tend to store sensitive information like your credit card number, like some kind of your personal address, and a bunch of different information. So those are completely different use cases. Both of them have the passwords, but the origin of the passwords and the relevant credentials is completely different. Right, so I'm actually very nervous.
Speaker 2:Now I want to skip right to the remediations, the things I should do, but I will wait. I will hold my horses there Because I want to know what's behind the scenes, what's under the hood of these info stealers. You said there was 20 different kinds. What is some cool? What do you find interesting about all the different ones?
Speaker 1:Yeah, so first of all, when let's call them some of the bad guys.
Speaker 1:When they want to go to, let's say, to enter this InfoStealer business, they need to find those people who basically offer those InfoStealers.
Speaker 1:So back in the days when we talk about the Zeus in 2007, this malware was very unique and it was offered from a very inner circle of the bad guys. Today, if you go on the dark web main two Russian language forums you will simply find this InfoStealer malware offered as a service, and they even have a name for this: Mass Malware as a Service. So what you can do is simply go to those forums and rent this malware as low as $99 per month. Usually it's around $200 per month and you don't need to be a high-end developer. You don't need to know how to set up complex infrastructures. You don't even know how to code. Those threat actors basically who are behind those InfoStealers will provide you everything ready to go, some kind of turnkey solution. Just pay them the rent monthly, rent up a year, or you can buy a lifetime subscription and you're another owner. So those guys, they operate like a fully fully business, but on the dark web. It's insane how it looks.
Speaker 2:And if I was to buy that, what would I need to do on my own to be able to get value out of that? Do you have to give people the click on stuff? So that's your job at that point.
Speaker 1:So when you have the malware, you also need to spread the malware, and there is different known types of how you can spread the malware. Today it's most likely, of course, using the known spam emails. You know, sending this bunch of people there you can and hopefully they will click on the link. You can also hijack social media accounts. Okay, we talked about the hijack social media accounts before, so you can take the accounts on somebody else and from there send some messages.
Speaker 1:If you were looking for something on the Google, do you know that you have those Google ads? Correct? So they also may have an InfoStealer inside, because the threat actors, they take somebody else's Google account and they set up completely fake Google Ads that basically trick you to click on those ads and then they will redirect you to a completely fake site where you're probably going to download completely fake software that will be merged with the InfoStealer. And the last one, of course, are the files that come from the torrents. LimeWire. Yeah, exactly, exactly, exactly. All of us want unlimited cheats in the GTA or some skins in the Fortnite, and threat actors know that and they usually add to those InfoStealers as well.
Speaker 2:We're having all the fun, yes, Okay. So I want to ask you something like when it comes to Google Ads. I would assume they're usually impersonating B2C accounts, right, they're making an ad on Google and that's going to a company that maybe a shoe website or something, and once you go to that shoe website, all you have to do is visit the website and it's in the code, or you have to actually download something from the website.
Speaker 1:You need to actually download something from the website. Okay, so there is always to be a human factor when a person behind the computer needs to do something actually to execute this file, and it will trigger the infection.
Speaker 2:Okay, that's good. At least it's not like we can just click on something and then we're fucked, right, yeah, yeah yeah, but the bad guys, they know how to do the job really well.
Speaker 1:They will trick you on the really high level. They will make everything to guide you step by step, to convince you that you indeed need to click on this file and download this file, because otherwise you're probably not to get your free vacation to Thailand. Yeah, so just don't download stuff over the internet anymore.
Speaker 1:What is interesting about the Google ad? This is a really pity story that I saw the campaign that the threat actors, they impersonate the Google Authenticator. So imagine yourself you have a person that is willing to increase his or her level of cybersecurity. It's searching the Google how he or she can download the Google Authenticator and, instead of going to the real site, clicks on the Google ad site, goes to the complete front end. Look completely legitimate, but it is completely fake. Download the fake Google Authenticator. Believes that it's going to be right now the solution for this cybersecurity problem and actually it's the info stealer. Gotcha.
Speaker 2:Interesting. So what? Like those that develop these info stealers, I assume it's complicated. What does it look like on their side of the fence?
Speaker 1:So they operate like completely as a business. They have the developers, they have a sales team, they have a customer success team, they have a support team. They look like completely legitimate business but of course it's definitely not.
Speaker 1:It's a black hat activity indeed, and you can see this because if you're going to use those disinfluenced in a malware-filled dark web, you will reach some kind of salesperson that will tell you okay, you're willing to get monthly subscription if it will cost you X, you're willing to get a yearly subscription if it will cost you Y. If you have a problem, you will reach a customer success person. They will help you to solve your problem. If you have a bug, you can talk with the QA team, okay, and they will check what's wrong here. And of course, they release every couple of weeks new version and on those dark web forums they have a very new release, exactly like you have any completely legitimate software: what we've done better, what we fixed, what is going to be the next steps. And on the InfoStealer guys' end, they operate completely as a cyber security.
Speaker 2:Tech startup. Tech startup, yeah right, yeah, yeah, interesting. Yeah, reminds me of that episode that I had on the Conti ransomware group with your friend right that they there's, I would assume. Then, if you have these models, do they ever attack each other? Like the malware as a service, like competitors? Like if I was to compete against my Norwegian competitor, if I could just go DDoS their site, if I had no morals I would go do that.
Speaker 1:I would assume that kind of happens more in the malware as a service area, or actually no, they don't do that, okay, at least something that I don't know. But I have something else interesting for you that the threat actors, they can also infect themselves, and this, this is very funny and this is very interesting that you have a bad guy that was affected by some other bad guy, and we see this basically at Hudson Rock, that we see this sometimes you have credentials for the hacking forums and basically you see inside this stolen data in this we call it an InfoStealer log. Yeah, this is the output of the InfoStealer and you understand that this is a bad guy, this is a hacker, someone who is a black hat hacker, and he probably also tried to download something and it was also infected by a stealer. So we definitely see the cases when the bad guys are infected with the stealers too.
Speaker 2:Yeah, good, good, yeah. That's funny though. Okay. So CrowdStrike, Palo Alto, SentinelOne, Microsoft, all these great companies that we know and love. They're kind of made to address this to prevent this from happening. Correct, correct, but it doesn't always work.
Speaker 1:Correct too, yeah okay, yeah, so unfortunately there's no such thing as 100% security, right? Those companies, they're doing as much as they can, but the bad guys and the threat actors and especially in the InfoStealer malware topic they also know how to bypass those protections, and one of the ways is what is called encryption or the code obfuscation. So there's some kind of very, very small change in the code and basically it makes much, much harder to the EDRs and to the antiviruses to detect this malware again and again. So this is how it's done and unfortunately, there is another something that is interesting here: this is the human factor. We know a lot of cases when there is actually there is a detection of this malware. So you have this window on the screen that says, hey, this is a malware. And what the person is doing? He goes to this antivirus or doing some kind of additional procedure to disable the protection and runs the file again.
Speaker 2:Yeah, all right, interesting yeah. And when I say EDR, the ones I just mentioned are B2C commercial. You got to have a lot of money to buy those. But for, like, moms and my mom and dad, what are they supposed to do about these sort of things? Does Norton antivirus protect against these things? That's even definitely not going to work. I think that.
Speaker 1:I will start with something that's very important and this is relevant to everybody. Moms and dads, private consumers, employees of the big, small, medium companies, whatever. Proper cybersecurity education. You need to know that, you need to be aware about everything that is suspicious and you don't need to download anything that looks fishy to you. All right, and here I would like to dive to a little bit. Misconceptions about InfoStealers. Yeah, so misconception number one, this is what we discussed a few minutes ago. This is the antivirus will protect against this threat and unfortunately this is no, and again, I'm not talking about that all the InfoStealers can bypass. This is definitely not true. We definitely see a lot of detections, but you can have a case when the InfoStealers can bypass the antivirus. So don't rely 100% that if you see that there is no viruses or you drop the files to some kind of another scan service like a VirusTotal and you see green result means zero detections. It doesn't equal that it's completely clean file. This is number one. Number two: the multi-factor authentication will save me, and this I share a lot, a lot from different people that they say all right, I have complex password and if somebody will compromise it, no worries, I have a multi-factor authentication like a 2FA, I will get an SMS, I will get some kind of push on my phone from an authenticator, and unfortunately, this is also not 100% correct, because we discussed before that the stealers know how to steal the cookies and I uncovered here that if you have a valid cookie session, it will can help to bypass the multi-factor authentication, right. Something else that I hear a lot that people say I'm using Apple device, I'm using macOS based device and macOS, they don't have any viruses. And this is not true, also. Because around 2023, we saw first InfoStealers targeting macOS devices.
There's still minority in this niche because the threat actors are willing to infect the most popular system, the Windows, but definitely the macOS devices are vulnerable to those InfoStealer attacks too.
Speaker 1:Another one People say that at least we have people today that they are aware that they should not use one, two, three, four, five, six as a password. Yes, and they use a complex password, you know, like a 16-digit character's password, 24 characters' passwords, and they say if I have these 24 complex, completely random passwords, that will save me, because it's impossible to crack this password. And this is also not true, also here, because when the info stealers. They steal those passwords. They steal them in clear text version, as also I explained at the beginning of our conversation. It doesn't matter how long is your password and how complex is your password. It will be stolen exactly in the same way how it looks.
Speaker 1:And I think the last one, this is most important. This connects to the cybersecurity education. A lot of people say it will not happen to me. If it will happen to 30 million other people, it will happen to my colleague, it will happen to my friend, to somebody else, but this will not happen to me. And this is a wrong. It's a really wrong mindset in a cybersecurity vision to say that I will be never affected but everybody else will be. So I think those are my main five advices, including the manual and about the proper cybersecurity education to everybody: mom, pop, grandma, CEO, governments, everybody.
Speaker 2:I'm going to send this to my mom and dad immediately afterwards, but I have some more questions before I let you go. In my browser that I'm talking to on right now, I'm scared to say which one it is, but between me and you it's Brave, right, on a Mac, and right below where it says Riverside.fm, there's a bunch of tabs that I have open, right? Different things, and if I click one of those it'll log me straight in, like I must have a session cookie there that allows me to log straight into that website. So that's that kind of session cookie they're looking for that allows me to keep logging in, right? Exactly, exactly.
Speaker 1:So what is actually the cookie session? This is some kind of small piece of information that the third-party website leaves on your computer. But the next time that you will try to log into the session they will see ah okay, I know, robby, it's you. I will let you in without any questions. And the cookies they have a validity date. So until they're funded, basically this is the active session, that if I have those cookies, I don't need to do anything. I can just log into your session, that's all yeah.
Speaker 2:Which is really nice, because I would hate to have to use two-factor all every single two seconds when I log into those things, but not if they take that and they go around all my 24-character password and my two-factor. So that's interesting.
Speaker 1:Yeah, I can just add that in 2024, and this will sound really ridiculous, but unfortunately this is true, the threat actors, they sometimes don't need to hack anything, they just need to take the credentials, take the cookies, copy paste them and press the enter. Unfortunately, in 2024, the bad guys, they don't hack, they simply execute a login to your account.
Speaker 2:Control C, control V, something like that, or more like Control F and then Control C and then Control V Interesting. And then browsers. I hear about vulnerabilities in browsers all the time. This is why there's vulnerabilities in browsers all the time, because the people that are making these info stealers are trying to compromise the browsers to be able to get stuff out right. That's why there's so much focus on it Really Interesting.
Speaker 1:About the vulnerabilities around. A few months ago and we're recording this episode in October 2024, there was a release to the browsers to try to protect them against the infection and to the threat actors. It took exactly two days to find a way how you can bypass it.
Speaker 2:Yeah, wow, you said something about checking files. What is a good way to be able to check something before you download it? Is there.
Speaker 1:Yes, you have options to check those files. But even if you see that there is no detection, it doesn't mean it's clean. Yeah, so I, for example private person or company, are willing to check if they are infected. They can go to the free tools of Hudson Rock and check it for free, if it's okay to say that?
Speaker 2:Yeah, obviously, yeah, that's awesome. So how do I use that tool? Actually, I'm curious.
Speaker 1:Yeah. So we at Hudson Rock, we believe that everybody can check their own personal exposure and also corporate exposure for the InfoStealers, and we have completely free tools that open for everybody. No commitment, no credit card required. You just go to the hudsonrock.com. You will find in a bowl three tools and you're welcome to check your email address, your domain and see the results. And even if you have one result, you're welcome to reach out to us and we will give you this data completely for free as part of our ethical disclosure policy.
Speaker 2:Awesome. Well, good on you, thank you.
Speaker 1:Thank you.
Speaker 2:I think you mentioned this but password managers do they save you here or do they not save you? Because, as long as you don't save? I'm trying to think about how, in my life and hopefully my listeners are somewhat comparable to me I have a password manager, so I never save my passwords there, but all my session cookies? You can't, really, unless you just clear your browser and all your cookies and cache every single time. That's like the only way to keep yourself 100% clear from this.
Speaker 1:Password managers, they can help. Again, this is not a 100% protection because today, in October 2024, stealers, they don't know how to get inside those password managers. All right. But password managers, they are also not 100% bulletproof. We know a few incidents that password managers have vulnerabilities and some data breaches. But again in October 2024, InfoStealers, they don't know how to get inside those password managers.
Speaker 2:Thank God For now. But before I let you go, then interesting question what do you think is on the horizon? What do you think these malware as a service in the InfoStealer community? What are they up to these days?
Speaker 1:They're definitely here to stay for the long run because the threat actors, they understand the value they get from these kind of infections and we see more and more and more and more new infostellation analysis coming or rise on the dark web forums. So they're definitely here to stay. They're definitely here to find new ways, how they can bypass new protection methods, and this is something that's going to stay with us for a long time.
Speaker 2:I'm trying to place the guys, the info stealers, the make info stealers. Are they like the ones that are making the most money or the middle money, like who's making the most money in the criminal underworld? Like, where are these guys in the totem pole there?
Speaker 1:It's a good question. So the numbers about the InfoStealers let's say they're publicly available, okay, I mean all the dark public available. You know how they charge per month, per year and per lifetime subscription. So we don't know how many subscribers they have, but we definitely know how to estimate the price of the subscription. All right, and then it depends. So, for example, if you are coming from the category 2 and you manage to find some extremely extremely juicy remote access to some Fortune 500 company and then you work with a partnership, with a ransomware gang, and then somehow this company paid the ransom and you have a percentage of this ransom, you're probably going to be more rich than the InfoStealer developer. Yeah, but again, there is now some kind of table that you can say, all right, like those are the most high paying jobs on this niche and those are the lowest paying job on this niche, or market share, or yeah.
Speaker 2:And I'm just thinking like a normal company, right, like a white hat company would sort of like buy companies that are part of their supply chain and so that they control different like stages. Do you think that's going to like there like, uh yeah, are they buying each other? Are they fusing like, is there a mergers and acquisitions in this side of the world?
Speaker 1:Uh, still, at least I don't know, um, I don't see, but there is definitely competition between them. Okay, and the competition is that you see that everyone is trying to make their product as the best as they can, and not only on the like con side, that still be like the most the perfect malware. Yeah, they also starting to invest a lot of the user interface and how you interact with the stealer and you see that they, for example, they added an option to change the background in the control panel from the dark theme to the white theme. So you see that a lot, a lot, a lot, a lot of competitions between them. How the Differentiate.
Speaker 2:Yeah, yeah, yeah, exactly yeah, differentiation, differentiation. That's interesting. I heard from your the Click Here by Recorded Future. I heard that she was saying that like how she was describing how it looks. So you showed her how it looks and it was like very organized and very easy for the threat actor to, as a customer, to actually take those passwords and do whatever they wanted to them, right? That's correct, they have usability, says they.
Speaker 2:It's funny. It's not funny, it's bad, but funny it's bad. But it's the world we live in today. I guess yeah.
Speaker 1:Yeah.
Speaker 2:Anyway, thank you so much for all the great work that you and Hudson Rock do. Thank you for sharing all your expertise, and we'll have to keep contact. I want to know what's going to happen in the InfoStealer world moving forward.
Speaker 1:Perfect, I'll be here to answer all the questions.
Speaker 2:Mr Rozenberg, we'll talk soon, thank you. Thank you, ciao. Well, that's all for today. Folks, thank you for tuning in to the Mnemonic Security Podcast. If you have any concepts or ideas that you'd like us to discuss on future episodes, please feel free to hit me up on LinkedIn or to send us a mail to podcast at mnemonic.no.