What We Do
How We Do
Get Started

What is Malware-as-a-Service (MaaS)?

BY eSentire

May 4, 2023 | 6 MINS READ

Want to learn more on how to achieve Cyber Resilience?


The cybercrime economy evolved rapidly in recent years. Gone are the days when threat actors were lonely hackers sitting in a basement. Modern cybercriminals act within highly organized enterprise structures and exercise the same sophisticated business tactics as regular companies.

Mirrored after the Software-as-a-Service business model, Malware-as-a-Service (MaaS) is an increasingly popular service cybercriminals offer, which involves selling and distributing malware to other individual hackers or ransomware groups for profit. Selling MaaS allows cybercriminals to maintain their anonymity and evade law enforcement while still generating profit from their activities. Threat actors may also be interested in sabotaging your organization's reputation or getting a hold of sensitive data to sell later.

The rise of MaaS has lowered the entry barrier for threat actors with little technical knowledge or expertise. As a result, your organization is more exposed than ever to opportunistic cyberattacks that can disrupt your business operations, cause downtime, damage your reputation, and lead to revenue disruption.

In this blog post, we explore MaaS in more detail and provide actionable cybersecurity recommendations s to minimize the risks of disruption from malware attacks.

Definition of Malware-as-a-Service (MaaS)

Malware-as-a-Service (MaaS) is a type of cybercrime that involves the sale and distribution of malicious software or malware. With the rise of MaaS, threat actors can monetize their skills by creating sophisticated malware that enables serious cyberattacks and causes severe damage to organizations.

As a security leader, you must be aware of the potential dangers MaaS poses and the necessary steps to protect against them.

Types of Malware Sold as Malware-as-a-Service

MaaS vendors often offer two different types of malware for lease or sale on the Dark Web: DIY malware packages and hosted management services for malware distribution. The DIY malware packages often include all the necessary information to help the less-savvy threat actors adapt the malware to meet the specific demands of the attack, while the hosted packages allow threat actors to distribute malware to a broad group of users.

The types of malware sold as MaaS can vary significantly, depending on the malicious intent behind it. Common types of malware sold through MaaS include:

Malware-as-a-Service (MaaS) - MaaS - Malware - Golden Chickens Malware - What is Malware-as-a-Service - VENOM SPIDER Hacker
Malware-as-a-Service (MaaS) - MaaS - Malware - Golden Chickens Malware - What is Malware-as-a-Service - VENOM SPIDER Hacker

Security Solutions Against Malware-as-a-Service (MaaS)

The rise of MaaS has resulted in the barrier of entry being lowered for amateur, financially-motivated cybercriminals looking to target organizations. Therefore, your cybersecurity practices must adapt continuously to stay resilient in the face of emerging cyber threats. This means you should seek to implement security measures required for a strong security posture: ensuring secure networks, regularly patching any vulnerabilities, and monitoring your environment for suspicious activity.

Additionally, it's important to remember that the human factor is often the weakest link in cybersecurity. Fostering a cybersecurity culture at your organization and ensuring that all employees are properly trained on security measures can help button down initial access vectors and minimize the risk of business disruption.

Although it's not possible to fully eliminate cyber risk, your organization will be prepared to anticipate, withstand, and recover from attacks with these security measures in place.

Protecting Against Malware-as-a-Service (MaaS)

Given this broadening attack vector, maintaining a strong security posture and building cyber resilience is more important than ever. Even if you manage to contain a malware attack, its effects may linger in your environment for many years, causing additional damage and costing a significant amount to clean up. That's why proactive measures are key when it comes to protecting your organization and its sensitive data.

Here are some recommendations to protect your organization from MaaS:

By implementing these measures and staying vigilant, you can greatly reduce your risk of experiencing a MaaS attack, build a more resilient security operation, and minimize the chances of business disruption.

A Malware-as-a-Service Case Study: Golden Chickens Malware

Since 2018, Golden Chickens has been a popular MaaS used by three top Internet crime groups, Russia-based FIN6 and Cobalt Group, as well as Belarus-based Evilnum. These threat actors used Golden Chickens to conduct targeted attacks on e-commerce organizations.

eSentire’s world-renowned threat research team, the Threat Response Unit (TRU), spent 16 months tracking, analyzing, and defending customers from this stealthy malware suite. Between April 2021 and April 2022, TRU discovered two significant hacking campaigns utilizing Golden Chickens. TRU continued to track Golden Chickens, eventually revealing the identity of VENOM SPIDER, the threat actor and operator behind this MaaS.

In our report, "Unmasking VENOM
," we provide an overview of the FIN6 and Cobalt Group cybercrime organizations, details about the investigation that led to uncovering the identity of VENOM SPIDER, the Golden Chickens MaaS operator, an analysis of the malware, and recommendations from TRU on how to defend your organization from the Golden Chickens malware.

Leveraging Managed Detection and Response (MDR) to Prevent Malware-as-a-Service (MaaS)

To build a strong defensive posture against malware-as-a-service, we recommend implementing specific controls to help prevent common ransomware and malcode execution techniques, improve your ability to respond and recover from a cyberattack, and reduce your overall cyber risk.

When looking for a solution to protect your organization from evolving threats, work with a trusted partner capable of providing a multi-layered cyber defense strategy that includes ongoing multi-signal visibility, security event monitoring, proactive threat hunting, and complete response and remediation.

Engaging a Managed Detection and Response (MDR) provider will help ensure you have ongoing 24/7 threat detection, investigation, and response, access to Elite Threat Hunters and containment expertise, and rapid response capabilities.

Remember – a real MDR provider offers multi-signal coverage across endpoint, log, network, cloud, vulnerability, and identity sources, powered by a strong XDR platform foundation and human expertise, to identify, contain, and respond to malware threats that bypass traditional security controls.

Cybercriminals won’t wait for you to be ready for them – the best way to start improving your cybersecurity posture is to be proactive in your approach and focus on building cyber resilience.

Learn how you can defend your organization against malware threats and build a more resilient security operation with eSentire MDR. To connect with an eSentire cybersecurity specialist, book a meeting with us.


eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.

Read the Latest from eSentire