DiamondFox, also known as Gorynych, is a modular malware that highlights the growth of the malware-as-a-service industry. With accessible how-to videos on YouTube showing aspiring cybercriminals how to set up DiamondFox and a user-friendly interface, it’s easy to see how this malware allows even the least sophisticated attacker to potentially compromise victims.

Written in Visual Basic, DiamondFox has been present on the black market for several years. It was notably used in Operation Black Atlas to steal user credentials and credit card information from PoS systems.

DiamondFox is highly customizable and includes features like user-friendly management panels that allow cybercriminals to easily see live infection statistics for their victims.

Various plugins for the DiamondFox malware allow different capabilities, such as the ability to launch DDoS attacks, steal a victim’s credentials and cryptocurrency wallets, and propagate through removable devices and social networks. The wide variety of available features in the malware allow it to be easily modified for different purposes based on the cybercriminal’s needs.

Enabling TSCritical targets in policies for ThreatSTOP DNS Firewall Service and IP Firewall Service, protects against exploit kits like the Terror EK.If you do not have a ThreatSTOP account, Sign up for a free trial.

If you do have a ThreatSTOP account, instructions to add targets to a DNS or IP Firewall policies are available on the ThreatSTOP Documentation Hub. Or contact our Support team.