In December 2022, researchers discovered the largest dark web marketplace, named InTheBox. It first surfaced in January 2020 as a fully automated product marketplace in respected underground communities. It reportedly offers custom web injects for prevalent mobile malware varieties. This article covers the cybercriminal group's latest such offering.
Diving into details
InTheBox is promoting an inventory of 1,894 web injects on Russian cybercrime forums. The injects are designed to steal credentials and sensitive data from eCommerce, banking, and crypto apps.
The overlays support several Android banking trojans and impersonate apps operated by organizations across the globe.
Initially, the web injects targeted organizations in the U.S., South America, and Australia. The scope was later expanded to 44 countries.
As of January 2023, InTheBox offers 814 web injects compatible with Ermac, Octopus, Metadroid, and Alien for $6,512, 495 web injects compatible with Cerberus for $3,960, and 585 web injects compatible with Hydra for $4,680.
For buyers not interested in the entire package, individual web injects cost around $30.
Why this matters
Because web injects are available in bulk and at low cost, threat actors are able to focus on other parts of their operations, including malware development and expansion of their attack surface.
Furthermore, these injects can use the Luhn algorithm to check the validity of credit card numbers entered by victims, which helps Android trojan operators weed out irrelevant data.
The bottom line
To safeguard against such threats, researchers recommend following cyber hygiene practices such as downloading software only from trusted sources, installing and upgrading antivirus software, and enabling Google Play Protect on Android devices. Moreover, banks and other financial institutions should properly educate their customers on protecting themselves against malware attacks via different vectors.