Year after year, the number of cyberattacks and their overall damage are steadily rising around the world. One of the main factors behind this steady increase in cybercrime statistics is the incredibly low cost and wide availability of off-the-shelf malware and ransomware sold on dark web marketplaces.
We decided to take a look at message boards and underground markets on the dark web and see for ourselves if buying and owning malware really is that easy and cheap – from absolutely free to $50 for advanced software.
What we found far exceeded our expectations. It turns out that you don’t have to be a programmer or have any special technical skills to buy or create malware. In fact, the bar to entry is set so low that virtually anyone can do it – all you need is an online wallet laden with Bitcoin.
Encrypted Trojans that can go unnoticed by even the most advanced antivirus systems? Custom ransomware tailored to your specifications? Remote cybercrime courses for aspiring “online entrepreneurs”? It’s all there and available to potential cybercriminals, at the right price.
Methodology
To conduct this research, we visited 10 popular darknet markets and analyzed the following:
Availability of malware programs for sale
The cost of the malware tools offered
Availability of customer support for these tools
Summary of our results
Buying malware is incredibly easy – anyone can do it in minutes
Owning malware is cheap or even free: free tools are available but somewhat risky to use, while advanced tools are available for as little as $50 on open cybercrime forums
Customer support is typically offered with paid malware tools, including free updates and troubleshooting services
A thriving economy that is not exactly underground
In today’s numerous shadow markets, malware can easily be bought, sold, and traded on websites that are essentially dark web versions of Craigslist.
Some malware markets are easy to find and accessible to anyone. Most of the malware tools sold on these entry-level websites are of inferior quality, created by budding hackers looking to make a name for themselves in cyberspace.
At the other end of the spectrum are invite-only message boards, accessible only through the Tor network and run by Eastern European cybercriminal experts offering high-quality products used by serious customers.
Selling malware publicly
Today’s would-be cybercriminals don’t need any technical knowledge. They just need to know where to shop.
A website, dubbed “the world’s largest hacking and security forums link list”, offers an extensive catalog of online hacking communities and cybercrime forums where users can buy and sell malware, organized by language.

Cybercrime market section on a hacker forum

Unsurprisingly, malware markets have their own culture of mistrust. This means that for the vast majority of premium malware tools, things like trialware and test drives are out of the question.

That’s why before releasing a new malware tool to the “public,” the developer usually gives away several advance review copies to trusted message board members for public and private feedback. Malware developers openly answer questions right there on the message boards, as well.

It’s safe to say that malware developers can come from many walks of life, but they typically hail from countries and regions where cybercrime legislation is not strictly enforced and talented, tech-inclined people don’t have many opportunities for gainful employment. This is why the global community has to begin taking malware markets seriously. Otherwise, these markets will continue to thrive, in one way or another.
Latest cyberthreats for sale
As we explored the markets, we found hundreds of malware programs and services for sale. Banking Trojans, created to steal internet banking credentials, are being offered alongside ransomware generators, state-of-the-art modular malware bots, and more. All come complete with technical support, available for free or at a small additional cost.
Data stealers
Some of the most popular malware tools available, data-stealing Trojans can steal anything from passwords, cookies, history, and credit card data to chat sessions from instant messengers and pictures from webcams.
Price: $50-$150
Support: tech support available

Remote Access Trojans (RATs)
A Remote Access Trojan allows the attacker to essentially take over the victim’s system, including running and installing software, taking screenshots, toggling the webcam, and seeing everything the victim is doing in real time.
Price: $800-$1000
Support: tech support available

Some remote access trojans (RATs), such as Imminent Monitor (taken down by Europol in November 2019), are often promoted as legitimate remote administration tools in order to increase sales.
Modular malware bots
Modular malware bots include – and can selectively launch – different malicious payloads, depending on the target and the goal of the attack. From logging the victims’ keystrokes and stealing their passwords to hijacking cryptocurrency wallet addresses from their clipboards, modular bots will have most of a cybercriminal’s malware needs covered.
Barebones bot price from: $400–$600
Full-package price: approx. $2500
Support: tech support available

Banking trojans
Banking trojans disguise themselves as genuine software that users often download and install from piracy and torrenting sites. Once installed, banking trojans can access the user’s banking details and send them back to the attacker to grant them access to the victim’s bank account.
Price: approx. $5000
Support: tech support available

Ransomware builders
Ransomware trojans take users’ devices hostage by encrypting their contents and demanding a ransom, payable only in cryptocurrency, for the return of the data. While most ransomware developers in 2020 sell their product as a service, software for building one’s own ransomware is also available for sale.
Price: from $800 for 1 month, approx. $2500 lifetime subscription
Support: tech support available

No skills or experience required
From what we’ve encountered on these marketplaces, almost all premium malware sellers provide in-depth tutorials and ideas about using their products, aimed at technically unskilled buyers.
For some, getting a manual along with a new thousand-dollar malware suite might be taken for granted. Surprisingly, on the cheap end of the spectrum, would-be cybercriminals don’t have to look far to find malware reviews and setup tutorials either – YouTube has them covered.

As we can see, becoming a cybercriminal in 2020 is easier than it has ever been, especially for those who know what to look for. While there are several additional steps they’d have to take after buying their own malware package – such as paying $5-$25 for making their malware build undetectable by most antivirus programs (also known as “crypting”), setting up the tool on a bulletproof domain, and then actually spreading the malware – all the information is often just a Google search away.
Summary
Even though threat researchers and security experts at CyberNews have long been aware of the existence of malware marketplaces, becoming a malware owner is now cheaper and easier than ever.
As the underground malware economy continues to thrive, the ranks of cybercriminals will continue to grow at an increasing rate. While this outlook might seem rather pessimistic, hopefully it will force the cybersecurity industry to shift to a preventive approach, at least when it comes to anticipating and defending against malware attacks.
At the end of the day, a greater awareness of how malware is created and distributed can help both individuals and organizations understand the importance of evolving their defense strategy. When anyone can become a cybercriminal, we no longer have the luxury of taking a passive approach to cybersecurity.