Security Now
Security is top-of-mind, especially right here where Juniper experts share their insights on the latest security trends and breakthroughs
Juniper Employee
Underground Malware Marketplaces
02.13.18

On message boards and dark web marketplaces, vendors offer everything from custom malware to on-demand distributed-denial-of-service (DDoS) attacks. Hidden tools to track someone’s every online move or access to their Instagram account? Weaponized exploits for extortion and espionage? The computing power of thousands of hacked “zombie” computers? It’s all available for the right price. In this article we’ll take a walk through the cybercrime black market to see what’s for sale.

 

Keystroke Tracking and Instagram Hacking

At the low end of the market are tools for individuals: keyloggers, password stealers, and social media hacking-as-a-service. For as little as $10, the unscrupulous can acquire a keylogger that captures every password, URL, and private message typed on a computer.

 


For $40, a product called Multihacker offers guaranteed access to the social media of your friends, family, exes, or enemies.

 


The pseudonymous seller touts hundreds of “vouches” from satisfied customers.

 


For the aspiring cybercriminal, partnership in a password “recovery” product is available to the highest bidder, starting at $75.

 


Quick cash without technical expertise? Dozens of sites on the dark web advertise freshly-cloned credit cards and hacked PayPal accounts for sale.

 


Exploit Kits and Malware Generators

Have your own malicious software ready to go? Office Exploit Builder is a slickly-branded app that will embed your code into a Microsoft Office document for guaranteed FUD (Fully UnDetectable) delivery.



Features include a user-friendly interface, fake error messages, anti-analysis routines, and macro-less execution.

 


Pricing starts at $70 for the “Starter” version, and goes up to $130 for the “Professional” version, which includes macro-less execution and a Fully UnDetectable Crypter.

 

Office Exploit Builder’s success has spawned an entire marketplace of knockoffs and clones, such as Silent Hunter Office Exploit.

 


Another seller will weaponize the EternalBlue vulnerabilities made famous by the WannaCry attack with your choice of malicious payload.

 


Hacking as a Service

On the dark web, several similarly-worded sites advertise a hacker for hire who, for prices starting at €200, will change university grades, hack a website, or destroy someone’s life.

 


Another seller offers RATs (Remote Access Tools), botnets and various viruses and ransomware.

 


Busy cybercriminals can buy access to pre-hacked machines from the Web Shells Market.

 


For malware authors, there are paid distribution networks and bots available to help spread their infection.

 


Holiday Sales and 24/7 Support

Like normal retailers, malware and hacking-as-a-service vendors offer seasonal discounts and promotions to entice buyers. Need to inflate your social media following? Wait for the holiday sales to pick up fake followers at half price.

 


For the less-technical cybercriminal, sellers boast round-the-clock support to ensure a successful infection.

 


Caveat Emptor

Is there honor among cybercriminals? It’s not hard to find disgruntled dark web buyers who were conned by the offer of cheap drugs, guns, or untraceable cash. We tested malware-laden documents generated by Office Exploit Builder and both Sky ATP and Cyphort (now a Juniper company) easily detected the threats.

 


For more details about the full range of threat protection offered by Sky ATP and Cyphort, see https://www.juniper.net/us/en/products-services/security/advanced-threat-prevention-appliance/ for our on-premise appliances and https://www.juniper.net/us/en/products-services/security/sky-advanced-threat-prevention/ for our cloud-based threat prevention service.
