Research shows malware is easy to buy, own, and deploy

With just a few Bitcoins and a quick search of Dark Web marketplaces, bad actors can become the owners of powerfully malicious tools.

A new study from research organization CyberNews.com found that malware is becoming increasingly easy to buy and deploy, even for those without technical backgrounds.

While malware deployments have grown in sophistication over the years, the number of attacks has also risen, signaling a democratization of tools allowing less-experienced cybercriminals to take advantage of widespread information. The report found that through underground message boards and Dark Web marketplaces, bad actors can easily find "incredibly low cost" widely available "off-the-shelf malware and ransomware." 

"What we found exceeded our expectations far beyond what we initially anticipated. As it turns out, you don't have to be a programmer or even have any specialized technical knowledge to buy or create malware. In fact, the entry bar is set so low that practically anyone can do it–all you need is an online wallet loaded with some Bitcoin," the report said. 

"Encrypted trojans that can remain undetected by even the most sophisticated antivirus systems? Custom-built ransomware tailored to your own specifications? Remote cybercrime courses for aspiring 'online entrepreneurs?' It's all there and available for would-be cybercriminals–for the right price."

CyberNews researchers looked at 10 so-called DarkNet marketplaces and found that buying malware is easy and fast, with cheap or even free programs allowing people to own malware. For just $50, would-be criminals can buy advanced tools on cybercrime forums that operate in the open, it found. 

According to its investigation, some malware tools for sale even come with customer support, including free updates and troubleshooting services.

"In the many shadow markets of today, malware is easily bought, sold and traded on websites that are basically Dark Web versions of Craigslist. Some malware marketplaces are easy to find and open to anyone. Most of the malware tools sold in these entry-level websites are of inferior quality, made by neophyte hackers looking to make their names in cyberspace," the report said. 

"On the other end of the spectrum are invite-only message boards, accessible only via the TOR network and run by veteran Eastern European cybercriminals who offer high-grade products used by serious clientele."

The key to using malware is not skill but simply knowing how to find malware tools, and a number of websites provide detailed lists of forums where these tools are available. CyberNews researchers noted that one website maintains a list, organized by country, of places where people can buy and sell malware.

In an email interview, CyberNews PR manager Lina Bernotaityte explained that it's difficult to pinpoint who exactly is behind these malware tools and all the features accompanying them, but even with their anonymity, it is safe to say that these malware creators come from countries and regions where cybercrime legislation is not strictly enforced and talented, tech-inclined people don't have many opportunities for gainful employment.

The report notes that a number of malware creators offer their tools for free to a select group of cybercriminals as a way to make sure they work and increase usage as well as future potential for payment.

CyberNews researchers wrote that they were able to find a wide variety of malware brands for sale with everything from banking trojans to ransomware builders and "modular malware bots." 

"Some of the most popular malware tools available, data-stealing Trojans can steal anything from passwords, cookies, history, and credit card data to chat sessions from instant messengers and pictures from webcams," the study adds.

This data-stealing brand of malware is available for prices ranging from $50 to $150 and even comes with support features for any issues.

Remote Access Trojans have become one of the most popular brands of malware deployed by cybercriminals, used in a variety of attacks on companies and governments around the world. The study said these very powerful tools, which give hackers the ability to take control of someone's entire system, are on sale for up to $1,000.

"Some remote access trojans, such as Imminent Monitor which was taken down by Europol in November 2019, are often promoted as legitimate remote administration tools in order to increase sales," the report notes.

The more expensive brands of malware, which include modular bots and banking trojans, range from $400 to $5,000 depending on the sophistication of the package. 

CyberNews researchers found programs that give hackers the ability to build powerful ransomware trojans or purchase subscriptions to ransomware services for $800 per month or $2,500 for lifetime subscriptions. 

When asked how much a cybercriminal could typically make from any of these brands of malware, Bernotaityte said it largely depends on their targets and attack plans. 

Targeting gamers and stealing Steam skins is fairly low risk, so the reward is lower than other attacks and can net hackers up to $2,000 per week. Attacking payment accounts for fraud with things like PayPal scams comes with more risk but can give cybercriminals access to nearly $10,000 a week. 

When attackers go after businesses, it is much higher risk but they can expect to make far more than $10,000 per week, Bernotaityte said, adding that the value of these malware brands will force people to make changes to how they operate online.

"Aside from having a reliable anti-malware tool installed, the most helpful thing each user can do is think before clicking. Since most of these malware tools are deployed either in phishing emails or on shady websites, using caution when clicking anything on the web is more important than ever," Bernotaityte added.

"At the end of the day, the increasing decentralization of malware tools means that cybersecurity professionals will have to keep up. The better we understand how malware is created, traded, and exploited by cybercriminals, the quicker the countermeasures can be deployed."