Resecurity specialists spoke about the new InTheBox marketplace, which is focused on mobile malware operators.
The site has been operating on the darknet since the beginning of 2020 and offers buyers more than 400 custom web injections grouped by geographic area.
Let me remind you that we also wrote that "New Underground Industrial Spy Marketplace Trading in Data Discovered".
In this case, web injections are packages used by financially motivated malware for adversary-in-the-browser (AitB) attacks. That is, they provide malicious HTML or JavaScript for overlays that are shown when the victim works with banking, cryptocurrency, payment, e-commerce, email or social networking applications.
These overlays look like legitimate login web pages and prompt users to enter sensitive data: credentials, payment card details, social security number, card CVV code, and so on. As a result, all this information falls into the hands of attackers and is used to compromise the target's bank account or to commit other fraud.
Various web injection templates are sold on InTheBox, and a user can access the marketplace only after the administration checks the new user and activates the account.
Access to InTheBox starts at $100 per month. Buyers can also pay for an unlimited subscription tier, which allows them to create an unlimited number of injections while the subscription is active. The cost of the unlimited "tariff" varies from $2,475 to $5,888, depending on the supported malware.
For example, InTheBox web injects support Android bankers such as Alien, Cerberus, ERMAC (and its successor MetaDroid), Hydra, and Octo.