A New InTheBox Marketplace for Mobile Malware Operators Was Found on the Darknet

Written by Emma Davis

Resecurity specialists spoke about the new InTheBox marketplace, which is focused on mobile malware operators.

The site has been operating on the darknet since the beginning of 2020 and offers buyers more than 400 custom web injections grouped by geographic area.


"This automation allows attackers to create orders so actual web injections can be further injected into mobile malware. InTheBox can be called the largest and probably the only marketplace in its category that provides high-quality web injections for popular types of mobile malware," the researchers write.

Let me remind you that we also wrote the article "New Underground Industrial Spy Marketplace Trading in Data Discovered."

In this case, web injections are packages used by financially motivated malware for adversary-in-the-browser (AitB) attacks. That is, they supply the malicious HTML or JavaScript for overlays that are shown when the victim works with banking, cryptocurrency, payment, e-commerce, email or social networking applications.


These overlays look like legitimate login web pages and prompt users to enter sensitive data: credentials, payment card details, social security number, card CVV code, and so on. As a result, all this information falls into the hands of attackers and is used to compromise the target’s bank account or to commit other fraud.

Various web injection templates are sold on InTheBox, and a user can access the marketplace only after the administration checks the new user and activates the account.

Access to InTheBox starts at $100 per month. You can also pay for an unlimited subscription level, which allows you to create an unlimited number of injections while the subscription is active. The cost of the unlimited “tariff” ranges from $2,475 to $5,888 (depending on the supported malware).


For example, InTheBox web injects support Android bankers such as Alien, Cerberus, ERMAC (and its successor MetaDroid), Hydra, and Octo.

"Most of the popular injections are related to payment services, including digital banking and cryptocurrency exchanges. In November 2022, the attackers made a notable update to almost 144 injections, improving their visual style," the researchers say.