What Products are Available on the Malware Markets?

What Products are Available on the Malware Markets?

The malware markets contain everything from simple software programs to crack passwords to companies offering governments a one stop shop for surveillance and espionage. Some of these products are highly valuable; one company, Zerodium, advertises a $1.5 million payout to anyone willing to sell zero day vulnerabilities in Apple’s iOS operating system. NSO Group, an Israeli company that was caught having sold surveillance malware to the UAE to monitor human rights activists, has been valued at more than $1 billion. Alongside this big business are groups that lease access to ransomware and rent time on botnets for just hundreds to thousands of dollars a week. This dichotomy in prices and offerings has helped create a two-tiered market, with a larger lower level conducting business in online marketplaces, and a small upper level working through social networks and encrypted communications.

The markets encourage specialization so that certain criminals build an entire business around developing, maintaining, and selling different kinds of malware and criminal services to give their customers up to date access to massive number of potential targets. Imagine an attacker who stumbles upon the leaked source code for a piece of malware like Zeus or a sample of ransomware and rents time on a ready-made exploit kit or botnet to distribute it? Without ever writing a line of code, a criminal is born.

Spectrum of Products

1st Tier—Component Vendors

Discovering Vulnerabilities: Within the malware market, many actors work to discover new vulnerabilities and sell or use them. For most malicious software, even well known vulnerabilities can prove useful.

Selling Exploits: Exploits are code that take advantage of a software vulnerability to get malware’s payload on the computer or help it function.

Writing Payloads: A payload is code that does something on the target, like generating money, causing physical destruction, or stealing information.

2nd Tier—Integrators

Exploit Kits: These kits are used to exploit many vulnerabilities, giving their users choices in how to upload and execute malicious code on a range of different targets. Essentially, they are used to deliver payloads that users can specify.

Building and Renting Botnets: Numerous suppliers provide the ability to rent time on premade botnets. This allows users to harness existing implementations with their own custom instructions.

Services: Some criminals will offer different kinds of malware, integrated with an exploit kit or other tools to infect computers. Ransomware—malicious software that encrypts files on a target computer in exchange for a ransom—can even be sold as a service, with customers paying back a portion of the profits in exchange for use of a new piece of malware.

3rd Tier—Full Service

Companies: Within the malware markets, some actors act as one-stop-shops for all their customer’s malware needs. These groups deliver everything from specific malware payloads to user training and complete software-as-a-service approaches. These companies implement all the stages a customer requires, potentially integrating software from different vendors to present a polished product.

Explore Products

Goods and Services Available on the Malware Markets

Click the categories to read more.