InTheBox sells software to attack more than 300 financial systems and social networks in 43 countries.
Researchers of the information security company Resecurity have discovered a new market on the darknet, focused on developers and operators of mobile malware. A marketplace called «InTheBox» has been operating on the TOR network since at least May 2020, and since then it has evolved from a private market to the largest marketplace offering a huge number of unique tools and web injections.
Resecurity experts called InTheBox the largest and most significant source of bank theft and fraud using mobile devices. Most of the mobile malware supported by InTheBox targets Android devices.
Currently, cybercriminals offer for sale more than 1850 malicious tools designed for targeted systems from more than 45 countries:
- large financial institutions;
- e-commerce systems;
- payment systems;
- online stores;
Companies targeted by cybercriminals includeAmazon, PayPal, Citi, Bank of America, etc.
Operators of the InTheBox marketplace are closely connected with the developers of the main families of mobile malware, including Alien, Cerberus, ERMAC, Octopus (Octo) and others.
Cybercriminals can rent ready-made malware for a subscription fee of $ 2500 to $ 7000 or order individual development of web injections for certain services or applications. Today, InTheBox provides access to more than 400 professionally designed web injections, classified by geography and purpose.
InTheBox was discovered by Resecurity’s HUNTER division, which identifies government hackers and industry partner attackers. The specialists passed on the information to the Financial Services Information Sharing and Analysis Center (FS-ISAC) and Google’s security team so that they could develop signatures and tactics to properly protect mobile devices.