Resecurity researchers have identified the largest dark web marketplace called InTheBox. Threat actors are leveraging it to attack over 300 financial institutions, payment systems, social media, digital media, and online retailers in 43 countries.
What does it offer?
According to the researchers, InTheBox emerged around January 2020 as a fully productized automated marketplace in reputable underground communities. Since then, it is providing high-quality webinjects for popular types of mobile malware. - It offers customized templates for malware families supporting webinjects. These are used independently or in combination to successfully execute data theft.
- It is available in the TOR network and offers a listing of available webinjects for sale only after successful account activation through Jabber or Telegram communication.
- It offers various tariff plans allowing cybercriminals to generate several webinjects for malware customization processes during the subscription period.
- The platform operators keep changing and arranging webinjects according to the latest designs and updates of legitimate mobile apps to make the attacks look convincing.
Targeted sector and region
InTheBox offers region-specific services for the U.S. and the U.K., including over 28 countries, namely Argentina, Austria, Australia, Belgium, Brazil, Canada, Chile, India, and others. It provides access to over 400 professionally developed webinjects that primarily target payment services, including digital banking and cryptocurrency exchanges.
Additional insights
- In Q4, experts said cyberattacks on mobile apps were more successful as compared to other attacks, Attackers compromised mobile apps and abused them to gain access to further malicious activities.
- The popularity and success of such attacks make mobile malware the key in a cybercriminals arsenal. Cybercriminals use it to conduct banking theft from consumers worldwide.
- Researchers stated that Alien, Cerberus, Ermac, Hydra, Octopus, Poison, and MetaDroid are the most widespread malware families supporting webinjects.
The bottom line
As the success rate of cyberattacks using mobile malware is high, researchers anticipate that InTheBox operators will continue to offer their tools with attractive subscription plans and start developing more advanced webinjects as well. New marketplaces can emerge as well offering similar services.