Talos security researchers Edmund Brumaghin and Holger Unterbrink said in a detailed blog post that Remcos, a remote access tool or RAT, gave attackers everything they needed to establish and run a potentially illegal botnet.
However, Breaking Security claims that it will only sell the software to legitimate users and will revoke the licences of those not following its end user licence agreement.
Brumaghin and Unterbrink said the same company was also offering a tool called Octopus Protector, a cryptor that helped malicious software to bypass detection by anti-malware products by encrypting the software on disk.
"Remcos' prices per licence range from €58 to €389. Breaking Security also offers customers the ability to pay for the RAT using a variety of digital currencies," the two researchers said.
"This RAT can be used to fully control and monitor any Windows operating system, from Windows XP and all versions thereafter, including server editions."
They said several attempts had been observed to install the Remcos RAT on various endpoints. "...we have also seen multiple malware campaigns distributing Remcos, with many of these campaigns using different methods to avoid detection. To help people who became victims of a harmful use of Remcos, Talos is providing a decoder script that can extract the C2 server addresses and other information from the Remcos binary."
Brumaghin and Unterbrink said that while Breaking Security claimed that Remcos was only for legal use, their research indicated it was still being used extensively by malicious attackers as well.
"In some cases, attackers are strategically targeting victims to attempt to gain access to organisations that operate as part of the supply chain for various critical infrastructure sectors," they said.
"Organisations should ensure that they are implementing security controls to combat Remcos, as well as other threats that are being used in the wild.
"Remcos is a robust tool that is being actively developed to include new functionality, increasing what the attackers can gain access to. To combat this, organisations should continue to be aware of this threat, as well as others like this that may be circulated on the Internet."