Man Admits to Creating Crypting Service Cryptex and reFUD.me Scanner

A 24-year-old man has pleaded guilty yesterday in a UK court for creating and advertising two malware-related services employed by thousands of criminals.

Goncalo Esteves, 24, of Cape Close, Colchester, Essex, admitted having created Cryptex, a software application called "crypter" that scrambles the binaries of other files so they won't be easily detected by antivirus software.

Esteves also admitted to running reFUD.me, a website where users could upload files and see if they were detected by antivirus software, but without triggering any warnings for the antivirus companies.

Readers can check out a mirrored version of reFUD.me via the Wayback Machine. FUD stands for "Fully UnDetectable."

Esteves was caught and arrested in November 2015 as part of a joint investigation between the National Crime Agency (NCA) and US cyber-security firm Trend Micro.

Trend Micro says that Estevez advertised both services on infamous hacking forum HackForums where he used the pseudonym of KillaMuvz.

The NCA said Estevez made around $44,000 from around 800 PayPal transactions between 2011 and 2015. Estevez also took payments in cryptocurrencies and Amazon vouchers, but officials were not able to determine the money he made via these payment options.

Estevez created Cryptex in 2011 and later split the crypter into Cryptex Reborn (full version) and Cryptex Lite (limited version). He sold Cryptex Reborn for $20 per month or a lifetime offering of $90, and Cryptex Lite for $7.99. Both versions were extremely popular.

Estevez purposely advertised services to crooks

While it's not illegal to create such services, investigators said that Esteves purposely advertised his products on hacking forums with the intention of having cyber-criminals use his products.

"Esteves advised his customers about his products, discussed how they were to be used and how to use the software to achieve criminal objectives," said Adrian Flasher, Specialist Prosecutor in the Organised Crime Division at the NCA CPS. "The CPS advised investigators throughout the investigation and prosecution, enabling a strong case to be presented; namely, that Esteves knew exactly what the criminal aims of his customers were and that he had profited from his criminality in selling the tools for cybercrime."

Estevez pleaded guilty to two computer misuse offenses and a count of money laundering. He will be sentenced Monday, February 12, 2018, at Blackfriars Crown Court.

Estevez is not the first person arrested for creating malware-related services. In June 2017, Europol arrested six users who were customers of a malware crypter service and a counter anti-virus platform (FUD scanner) developed by a 22-year-old German man. Europol did not name suspects or the malware-related services they used.

A month later, the US charged two Latvians for creating another FUD scanner, similar to reFUD.me.