Greasy Opal, based in the Czech Republic since 2009, is reportedly a Cyber Attack Enablement company that manufactures and markets advanced cyber attack bypassing tools and devices.
The company’s main product features robust and rapid machine learning models that can adapt to new CAPTCHA challenges and facilitate volumetric and brute force bot attacks in segmentation.
These tools help accomplish various illicit activities like the stealing of one’s account and opening up fake accounts at a certain institution.
Arkose Labs’ threat research unit ACTIR has recently discovered “Greasy Opal” which enabled threat actors to create over 750 million fake Microsoft accounts.
Free Webinar on Detecting & Blocking Supply Chain Attack -> Book your Spot
750 Million Fake Microsoft Accounts
While not directly engaging in attacks, Greasy Opal’s products cater to a wide range of clients, including known bad actors and competing CAPTCHA-solving services.
ACTIR has observed that attackers utilizing Greasy Opal’s solutions can rapidly deploy large-scale bot networks, significantly intensifying the global threat of sophisticated cybercrime.
This particular business practice of assisting crime rings has helped position Greasy Opal on the rise to be one of the critical enablers of the changing ideas regarding the threat on digital security.
Greasy Opal offers inexpensive and effective tools for solving CAPTCHAs that are used by threat actors when trying to overcome the security systems of various organizations.
Besides this, the software employs enhanced OCR and smart machine learning technologies, which work with datasets that are labeled by crowds, to solve text-based CAPTCHAs successfully.
For $70, a customer can buy the basic toolkit, which contains the key features, and go all the way up to $190 for a comprehensive pack; not only that even it also offers a $10 monthly pack, it is certainly apparent why services Greasy Opal offer are not free from bot attacks in social media and other networks that involve gaming, financial activities, and gig engagement.
With the help of a custom browser, the company’s toolkit aids in the incorporation of more extensive browser automation systems like Bablesoft’s Browser Automation Suite (BAS), which eases attackers’ tasks.
ACTIR researchers estimated that Greasy Opal’s revenue is projected to be $1.7 million for 2023, and its application has been seen in massive cybercrimes, including 750 million fake Microsoft accounts created by Storm-1152 from Vietnam.
The ACTIR is constantly finding ways to combat AI-based cyberattack tools developed by Greasy Opal and has implemented these strategies by designing new SAT CAPTCHAs and running measures intended to discover the flaws of Greasy Opal’s machine learning models.
The group presented in Greasy Opal renders improper businesses’ available technology for cyberattack, employing additional deep learning and OCR techniques enhanced with a crowd to interpret the models.
However, Greasy Opal’s technology’s CPU-based structure limits expansion compared with the GPU-based one, which poses a risk.
Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial