Resecurity, the California-based cybersecurity company, has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators.
The marketplace is known as “In The Box”, and has been available for cybercriminals in the TOR network from at least the start of May 2020, however since then it has transformed from a cybercriminal service operating privately into the largest marketplace known today for its sheer number of unique tools and so-called WEB-injects offered for sale.
Such malicious scenarios are purposely developed by fraudsters and used for online-banking theft and financial fraud. Web-injects are integrated into mobile malware to intercept banking credentials, payment systems, social media and email provider credentials, but it doesn’t end there, these malicious tools also collect other sensitive information such as credit card information, address details, phone and other PII.
According to the experts from Resecurity, the identified “In The Box” marketplace may now proudly be called the largest and most significant catalyst for banking theft and fraud involving mobile devices. The significance of findings is highlighted by the quality, quantity and spectrum of the available malicious arsenal.
Currently, cybercriminals are offering over 1,849 malicious scenarios for sale, designed for major financial institutions, ecommerce, payment systems, online retailers, and social media companies from over 45 countries including the U.S, the U.K, Canada, Brazil, Colombia, Mexico, Saudi Arabia, Bahrain, Turkey, and Singapore. The supported organizations targeted by cybercriminals include Amazon, PayPal, Citi, Bank of America, Wells Fargo, DBS Bank, etc. During November 2022 the actor arranged a significant update of close to 144 injects and improved their visual design.