Rats
Quite fun for a change, to watch a bunch of rats in a sewer, turning on their own.
Cheapskate fraudsters hoping to run phishing scams for peanuts have themselves been hoodwinked. Security watchers have spotted a free phishing kit containing a hidden backdoor that siphons off stolen credentials from the fraudsters who use the technology. Script kiddies are unlikely to twig that captured credit card numbers …
The 'script kiddies' have always been the Artful Dodgers and Oliver Twists, to the Fagans that are malware authors.
Open Source pen tools, are perhaps the exception, but it has been common practice to lace closed source exploitation tools to in some way skim the cream of other's whilst they crack.
Most of the times it is in sending back data, but it does get used to cover tracks as well. A new exploit in the wild is useful, but if you are the only one who knows about it, using it can paint a big target mark to your door. A release of a script prior to a crack attempt on a targeted system can detract attention, and make it look like an unfortunate incident as opposed to a direct attack.
There is a lot of misinformation in the security world, primarily because misinformation is yet another tool of security. Whilst obviously not all malware contains backdoors itself, the fact that a lot does tends to make it a little riskier to use the stuff. Some people will always just want to crack though, and the tools offer a quick but dangerous inroad for themselves, most of the time they will not be aware of the risk they are taking, most tools don't stop at siphoning data, they tend to backdoor the machines and leave command and control capability in the malware authors' hands.