Researchers at cybersecurity company Resecurity have discovered a new marketplace on the darknet that caters to developers and operators of mobile malware. The marketplace, called "InTheBox", has been running on the Tor network since at least May 2020, and since then it has grown from a private marketplace into the largest marketplace offering a vast array of unique tools and web injections.
Resecurity has named InTheBox as the largest and most significant source of bank theft and mobile fraud. Most of the mobile malware supported by InTheBox targets Android devices.
Cybercriminals currently offer over 1,850 malicious tools for sale, targeting systems in over 45 countries:
- large financial institutions;
- e-commerce systems;
- payment systems;
- online stores.

Companies targeted by cybercriminals include Amazon, PayPal, Citi, Bank of America, and others.
The operators of the InTheBox marketplace are closely associated with the developers of major mobile malware families, including Alien, Cerberus, ERMAC, Octopus (Octo) and others.
Cybercriminals can rent off-the-shelf malware for a monthly fee ranging from $2,500 to $7,000, or order custom development of web injections for specific services or applications. Today, InTheBox provides access to over 400 professionally designed web injects, categorized by geography and purpose.
InTheBox was discovered by Resecurity's HUNTER division, which identifies government hackers and industry partners. The specialists passed the information to the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Google security team so that they can develop signatures and tactics to properly protect mobile devices.