A new breed of online drug shop in Russia is utilizing mobile apps as their primary means of doing business, according to a recent report from device security experts at the ISMG Network. At least seven drug-only Russian-language markets are now based on Android apps that use an engine known as M-Club. All apps appear to be constructed by the same developer, suggesting the shops are possibly somehow interconnected.
Earlier this year, cybercrime analysts at Resecurity named seven Russia-based mobile drug markets and provided links to their respective apps. Resecurity found that some of the mobile apps were on mobile devices seized by law enforcement, belonging to drug trafficking suspects. The shops all have a presence on the clearnet that hosts the download file for their mobile app, where most of the actual business takes place. The shops all employ the courier and dead drop system, made popular by RAMP โ the first major Russian darknet market โ and later perfected by Hydra.
Example of a drug shop prominently featuring links to their mobile apps. Source: Resecurity
While drug dealers in Russia are increasingly shunning the dark web in favor of conducting business via Telegram and mobile apps like the ones using M-Club, several Tor-based suitors have stepped up in the region to replace Hydra, currently numbering around 10 in all. Currently the most popular is RuTor, considered to be the largest Russian-speaking darknet market, with around 292,000 registered users.
Other such markets with lesser amounts of activity include OMG!OMG!, WayAway, Mega, BlackSprut, Solaris, and a newer market named Kraken which opened in December of last year. Resecurity notes that not all markets are necessarily competing against each other as some cater to Russian and Belarussian customers while other cater more to customers in Ukraine.
The takedown of Hydra in April of last year has shifted the virtual location of online sales of drugs in Russia, with principle market operators there growing increasingly aware of the methods being used by law enforcement to stifle their activity. Although a battle for dominance of market share in the region continues to be waged among traditional darknet markets, researchers at ISMG and Resecurity believe that the amount of sales activity is likely to increase in non-traditional platforms such as Telegram and mobile applications, as different risks are weighed against the benefits of ditching the darknet for underground drug sales in Russia.