It’s a rarity these days to see someone getting what they deserve, but lately it seems hackers have been getting a little taste of their own medicine. A hacker using the screen name Pahan, has been infecting other hackers with his own malicious software for his own profit.

For years, hacking forums have been the go to for anyone looking to gain knowledge into the once secret world of cyber attacking. These are places to find information, and download and buy programs. You won’t find any APT’s or any other form of cyber espionage, but you will find ordinary cyber criminals trying to promote their malware. These however, are usually kept under close surveillance by various security firms, in part because they’re available by simply using a google search.

According to the latest report by Sophos, Pahan has been setting his sights on cyber criminals like himself, as well as regular hacking victims. Pahan, Pahan12, Pahan123, or Pahann, has been adding malicious ads to various hacking tools, on a bunch of different forums. Sophos has found that these ads and tools are filled with malicious malware themselves.

“His motives are more likely than not just to see what other hackers are up to, and trying to deploy his own keylogging programs in order to steal passwords and hijack their malware/botnet control panels,” researchers said.

The report also states that on at least three occasions, the hacker has tried to infect others with malware hidden in malware. One case for example, Pahan was advertising a link to a free download for Aegis Crypter, a tool that hides malware from antivirus scanners. This download was found to be infected with an RxBot Trojan.

Another case from March of this year was found. Pahan was selling a version of a KeyBase keylogger that was meant to infect buyers with a COM Surrogate malware, which in turn downloaded the RxBot. The purpose is to control the infected computer from inside the malware.

Another example is from July of the same year, when on LeakForums, Pahan was offering another free tidbit. A PHP-based RAT, by the name of SLICK RAT. Researcher Gabor Szapannos said that the SLICK RAT was infecting victims with a KeyBase logger, which was collecting passwords and sending the data right back to Pahan.

While the number of hackers that Pahan has infected isn’t exactly known, it’s figured to be in the hundreds, if not greater. Research has shown that most hackers kind of expect the programs to come with their own personal backdoors, and they usually do a very in depth code audit before they install anything to their PCs.

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.