Hackers actively use the legal tool OpenBullet for account takeover (ATO)

Hackers are actively use OpenBullet
Written by Emma Davis

Account takeover is a huge problem these days. To steal billions of credentials from thousands of platforms, criminals use automated tools – for example, they actively apply OpenBullet, the legal program for testing sites.

With its help, attackers check validity of credentials, and brute force the necessary information.

Let me remind you, by the way, that recently IS researchers note growth of brute force attacks on RDP.

A team of researchers from Digital Shadows analyzed the current situation in the field of the account takeover (ATO) on the darknet and found that a tool called OpenBullet is the most popular.

Other tools that are widely used in this area include Sentrymba, Private Keeper, Vertex, Account Hitman, Snipr, and Blackbullet.

According to experts, the popularity of OpenBullet began to grow rapidly in April 2019, when attackers realized the value of this legitimate tool.

OpenBullet includes a number of website testing tools, but it can also be used for data collection, analysis, and penetration testing.

Ostensibly created for legitimate purposes, OpenBullet includes multiple tools that can be used for scraping and parsing data, automated penetration testing, and unit testing. In the simplest of terms, it’s a one-stop-shop for cybercriminals trying to explore ways to compromise their target”, — explain Digital Shadows specialists.

OpenBullet allows customizing various configurations, is economical in terms of required system resources, and is freely available on GitHub.

OpenBullet shares some similarities with another tool, BlackBullet, however OpenBullet has new features and different types of configurations, while BlackBullet configurations are encrypted.

Experts have identified a number of tutorials for sale on how to use OpenBullet in conjunction with hundreds of configurations. Like many legitimate services, OpenBullet has a specialized online store. The website provides lists, configurations, accounts and databases, account validators, e-books, and how-tos.

While the official GitHub page for OpenBullet states that performing attacks on sites not owned by the user is illegal, I think it’s fair to assume that this tool will continue to be used for nefarious purposes. Even if OpenBullet was developed for the greater good, there’s always a way to turn it into a malicious program, and I think cybercriminals can attest to that”, — writes Digital Shadows representative Kasey C in company’s blog.

OpenBullet’s is so appealing mostly due to its open source code. The ability to load or tune configurations that exploit the potential to bypass an organization’s defenses allows attackers quickly adjusting attack tactics, techniques, and procedures.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

One Response

  1. OpenBullet 1.4.5 May 30, 2022

Leave a Reply