ABSTRACT
Malware as a service (MaaS) has become a profitable profession, allowing individuals who are not technologically competent, and criminal organizations, to purchase such malicious software to conduct a variety of attacks. This has created space for those with the technological abilities to make a business off the malware that they write, and it is therefore important to understand where these developers are learning the skills needed. The current study was carried out to assess how malware developers use an encrypted messaging platform for knowledge acquisition, more specifically knowledge about malware development. This was carried out through a qualitative analysis of questions and answers posted within Telegram channels that are related to malware, and malware development and distribution. Further to this, latent class analysis was conducted to aid in determining whether there are subsets of individuals posting this information. A total of 467 user questions and 518 user responses were captured from eight channels. Results from this study revealed that posters are usually responsive to questions posed within these communities, with seven different response themes identified: Criticized question, offered answer or advice, offered help or service, probing for further information, provided resource, and unhelpful response. Therefore, while not many people are seeking Telegram channels to learn, when they do pose questions, respondents are likely to offer helpful advice to aid in their learning of malware development.
Disclosure statement
No potential conflict of interest was reported by the author(s).
Notes
1 In order to protect anonymity of subjects, datasets will not be published; however, they are available upon request.
2 It is important to note that during the search of channels, the research assistant conducting the search did not interact in any way with any members of the channels, or participate in any communications within the channel itself, so as to not interfere with any activity.
3 List of keywords used: Malware; virus; worm; RAT; development; ransomware; trojan; botnet.
4 Lumivero (2023) NVivo (Version 14); www.lumivero.com.
5 Quotes were taken from different posters in the investigated channels; therefore, no ID was assigned.
Additional information
Funding
Notes on contributors
Noelle Warkentin
Noelle Warkentin is a PhD candidate in the School of Criminology at Simon Fraser University (SFU), Canada. She received her B.A. (Hons.) degree in psychology from the University of Manitoba, and her M.A. in criminology from SFU (2021). Her research interests include cybersecurity, cyber-warfare, cyber threats against Canada’s critical infrastructure, darknet markets, and the psychology of cyberoffenders.
David Décary-Hétu
David Décary-Hétu has a Ph.D. in criminology from the Université de Montréal (2013), and is currently an Associate Professor at the School of Criminology of the Université de Montréal. The main research interests of Prof. Décary-Hétu focus on the impacts of technology on crime. Through his innovative approach based on big and small data, as well as social network analysis, Prof. Décary-Hétu studies how offenders adopt and use technologies, and how that shapes the regulation of offenses, as well as how researchers can study offenders and offenses. Prof. Décary-Hétu is the Chair of the Darknet and Anonymity Research Centre (DARC) that was funded by the John R. Evans Leaders Funds from the Canada Foundation for Innovation. His team collects and studies data from all types of offenders who use anonymity technologies such as the darkweb, cryptocurrencies and encryption. He has published in leading academic journals and is invited regularly in the news media to comment on recent events. Prof. Décary-Hétu is involved in many partnerships and initiatives including Open Criminology, the revue Criminologie, the Division of Cybercrime of the American Society of Criminology and the Human-Centric Cybersecurity Partnership.
Richard Frank
Richard Frank completed a PhD in Computer Science and another PhD in Criminology at Simon Fraser University (SFU). Dr. Frank is currently an Associate Professor in the School of Criminology at SFU, Canada and Director of the International CyberCrime Research Centre (ICCRC). His research focus is cybercrime, with a particular interest in researching hackers and security issues, the dark web, online terrorism and warfare, eLaundering and cryptocurrencies, and online child exploitation.