Darknet News

Rising Darknet Market Named World’s ‘Largest Mobile Malware Marketplace’

A darknet market specializing in webinject malware is catching the attention of cybersecurity researchers after a report by Resecurity brought it into media focus for the first time. The market, known as “InTheBox,” is believed to have been around since January 2020 but recently shifted from private services to a “fully productized automated marketplace.” It is now being described as “the largest mobile malware marketplace” on either the dark or clear web.

Unlike other darknet markets offering similar services, InTheBox specializes in the sales of webinjects designed to capture data from mobile devices. The malware accomplishes this by altering content displayed on a mobile browser, injecting HTML or JavaScript code created to intercept user credentials; chiefly those sent for banking purposes. Also targeted are e-commerce platforms, online stores, and various payment systems. The malicious code is written to imitate the usual login portion of a screen and is often transparent to the mobile device user.

Examples of InTheBox webinject purchase packages. Source: Resecurity

InTheBox currently offers a sophisticated assortment of customized templates to be used by attackers. Part of subscription-based webinject services includes updates to match design changes on targeted mobile apps. Accounts for the marketplace can be created and its contents accessed only after approval from the admin via Telegram or Jabber message.

According to researchers at SecurityAffairs, mobile-based webinject services have the same success rate as their PC-based counterparts, although mobile webinject malware is often cheaper to purchase. As of Nov. 2022, there were over 1,800 “malicious tools” identified for mobile device attacks for sale across various hacking forums and the dark web. Such attacks have thus far affected users in more than 45 countries, with customers of Amazon, Bank of America, Citi, PayPal, and Wells Fargo being among the most popular targets.

Cybersecurity experts warn the success of InTheBox may encourage the rise of more darknet marketplaces specializing in the sale of mobile-based malware, posing a greater, persisting threat to the world’s smart phone userbase, which is estimated to have surpassed 6.6 billion (roughly 83% of the global population) in Dec. 2022.

The Tor URL for InTheBox provided in a Resecurity screenshot was unreachable as of the writing of this article.

Leave a Reply

Your email address will not be published. Required fields are marked *