Belarusian authorities have seized the servers of a notorious hacking forum that served as a meeting place for malware authors, hackers, spammers, botnet operators, and other cyber-criminals, the Belarusian Ministry of Internal Affairs said in a press release.
Named XakFor, the forum launched in 2012 and targeted the Russian-speaking cybercrime scene. It operated on the open internet, and not on the dark web, as most would have expected, a reason many now believe led to its demise.
Belarusian authorities said XakFor amassed more than 28,000 registered accounts and had thousands of daily active users before it was taken down last month.
A meeting place for newbie hackers
While the forum initially launched and operated as a closed, invite-only community and attracted some of the Russian hacking scene’s top professionals, its policy changed over time, opening registrations to all users.
The forum’s reputation changed accordingly, and in the past half-decade, XakFor became the Russian version of HackForums — an English-speaking forum populated by low-skilled hackers.
Yet, while HackForums began moderating some of its content in recent years — removing ads for some types of malware and cybercrime services — XakFor did not.
The site listed a variety of content, ranging in quality. However, the site was primarily known as a place to buy or download free malware.
Per sources, XakFor users advertised or shared all sorts of malware strains on the forum, ranging from ransomware kits to crypters, remote access trojans, and even Android malware. Some of the malware was authentic, some was cracked, while some was backdoored — with criminals stealing from each other.
Its free and varied content was one of the reasons it attracted a crowd of newbie hackers looking to take their first steps in the malware scene, before moving to other more underground hacking forums.
It was never the-place-to-be
The site’s popularity is what eventually led to its demise when Belarusian officials discovered it was being hosted inside the country.
The forum listed a takedown notice from Belarusian authorities until this week, when it went down for good. Several of the site’s pages are still indexed and cached in Google, but all malware download links are now down and inaccessible.
Threat intel analysts with whom ZDNet spoke never had a high opinion of the site, but they did admit it was one of the biggest, although not the “forum you need to keep an eye on.” Those are Exploit, Nulled, and Verified.
All in all, XakFor was never the place where hackers plotted huge malware operations, but it was a place where users shared malware, and lots of it.