BTC $57054.0562
ETH $3243.0497
BNB $394.9600
SOL $108.4177
XRP $0.5865
stETH $3239.3493
ADA $0.6239
AVAX $39.2702
DOGE $0.0977
TRX $0.1428
wstETH $3750.7519
DOT $8.3691
LINK $19.0300
WETH $3348.6813
MATIC $1.0282
UNI $10.8579
WBTC $56903.9273
IMX $3.3452
ICP $13.0217
BCH $292.5040
LTC $74.0124
CAKE $3.1570
ETC $28.0992
LEO $4.3640
FIL $7.6578
KAS $0.1689
RNDR $7.2011
DAI $1.0000
ATOM $11.2097
HBAR $0.1082
INJ $40.1071
VET $0.0489
TON $2.1280
OKB $51.4855
FDUSD $0.9985
LDO $3.4670
STX $2.9465
XMR $135.8398
XLM $0.1230
ARB $1.8948
NEAR $3.9608
TIA $17.0031
WEMIX $2.3756
GRT $0.2795
ENS $22.1963
MKR $2154.9330
APEX $2.3329
BTC $57054.0562
ETH $3243.0497
BNB $394.9600
SOL $108.4177
XRP $0.5865
stETH $3239.3493
ADA $0.6239
AVAX $39.2702
DOGE $0.0977
TRX $0.1428
wstETH $3750.7519
DOT $8.3691
LINK $19.0300
WETH $3348.6813
MATIC $1.0282
UNI $10.8579
WBTC $56903.9273
IMX $3.3452
ICP $13.0217
BCH $292.5040
LTC $74.0124
CAKE $3.1570
ETC $28.0992
LEO $4.3640
FIL $7.6578
KAS $0.1689
RNDR $7.2011
DAI $1.0000
ATOM $11.2097
HBAR $0.1082
INJ $40.1071
VET $0.0489
TON $2.1280
OKB $51.4855
FDUSD $0.9985
LDO $3.4670
STX $2.9465
XMR $135.8398
XLM $0.1230
ARB $1.8948
NEAR $3.9608
TIA $17.0031
WEMIX $2.3756
GRT $0.2795
ENS $22.1963
MKR $2154.9330
APEX $2.3329
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • The largest darknet market InTheBox sells thousands of phishing forms "for a penny"


    The InTheBox store promotes web injections on Russian cybercriminal forums to steal credentials and confidential information from banking applications, crypto wallets and e-commerce applications.

    Web injections are compatible with various Android banking trojans and mimic popular applications of large organizations used on almost every continent. As a rule, mobile banking trojans check which applications are present on the infected device and extract web injections from the C2 server corresponding to certain applications. When the victim launches the target application, the malware automatically loads an overlay that mimics the interface of a legitimate product.

    According to Cyble's analysis, as of January 2023, InTheBox sells the following web injection packages:

    • 814 Alien, ERMAC, Octopus and MetaDroid compatible web injections for $6512;
    • 495 Cerberus compatible web injections for $3960;
    • 585 Hydra compatible web injections for $4680.

    For those who don't want to buy whole packages, InTheBox also sells web injections individually for $30 each. The dark web store also allows users to order web injections individually for any type of malware.

    InTheBox web injection packages include PNG application icons and an HTML file with JavaScript code that collects the victim's credentials and other sensitive data. In most cases, injections have a second overlay that asks the user to enter a credit card number, an expiration date, and a CVV number. Cyble claims that InTheBox injections check the validity of credit card numbers using the Luhn algorithm, which filters out bad data. The stolen data is then converted to a string and sent to a server controlled by the attacker.

    InTheBox has been selling web injections for Android since February 2020, constantly adding new pages targeting more banking and financial apps. Cyble experts confirmed that InTheBox web injections were used by "Coper" and "Alien" Trojans in 2021 and 2022, respectively. The availability of web injections in such numbers and at low prices allows cybercriminals to focus on other parts of their campaigns, develop malware, and expand their attack to other regions.

    Resecurity experts, who first discovered this darknet market, named InTheBox as the largest and most significant source of bank theft and mobile device fraud. Most of the mobile malware supported by InTheBox targets Android devices.

    Author DeepWeb
    Pro-Palestinian hackers threaten Israeli chemical companies and their employees
    Types of hashish

    Comments 0

    Add comment