Market questions for malware
#1
Hello! I've been really focused on learning different malware concepts (such as AV evasion and how to make crypters). I'm curious how an individual would go about selling malware, where someone would go to sell malware, what people typically sell, what's hot, and other general questions like that. For example, when selling, would you give someone the source code? Would you compile the code to someone's preferences (such as configuring malware to connect to the client's VPS)?

Thanks for any answers or pointers!
#2
I have never experienced this firsthand and always watched from a distance, but from what I imagine no source code is provided.
For RATs you encounter in forums like hackforums most of them are going to be binaries or binders or whatever. But I suppose never the source code as they would not be able to continue selling their product.

One thing that has been very common lately is malware as a service: the vendor sells access to his botnet, where you would have an account and would be able to operate.

If the malware is _simple_ you can encounter it on the clear net in most hacking forums with a marketplace. However, you can find bigger organizations and more thought-out/targeted campaigns in restricted-access forums.

As I said, hopefully someone who is more into the field can elaborate further.
#3
Thanks! I'll probably take a look at some marketplaces and see what other people do.
#4
Like enmafia said, malware as a service is pretty big. You basically sell a kit with malware components and let the buyer either own it or rent it. I'm going to disagree with enmafia in that source code is sold, but usually not to the end user. Usually a programmer who doesn't want to f around with customers will sell it to someone who can turn around and sell it like I mentioned before.
Botnets and ransomware are big money. Botnets can be used for all kinds of different things. They can be used as proxies, for stealing data, DDoS, spam, click fraud, as well as less common things like distributed password cracking. Ransomware is kind of obvious. Malware is still in its infancy in my opinion. The reason is that it's a cat-and-mouse game between malware authors and security companies. Security companies are still behind the curve by a lot (in my opinion). Not to say they aren't making progress, but writing effective malware is too easy.
#5
Thanks for the informative reply Deep!
I know it's against the rules here to advertise, but would it be okay for someone to show me a couple of example sites that market this kind of stuff?
#6
(02-01-2021, 06:06 PM)ueax Wrote: Thanks for the informative reply Deep!
I know it's against the rules here to advertise, but would it be okay for someone to show me a couple of example sites that market this kind of stuff?

You can find a lot of examples in the reports big companies make. Don't expect serious campaigns to have flashy banners and cool graphic design; it is pretty common for them to be only blocks of text.

But quick searches will show you several results. Most hacking forums with a marketplace are filled with people offering services. The skiddier, the more flashy threads you will find.
#7
(02-01-2021, 07:43 PM)enmafia2 Wrote: You can find a lot of examples in the reports big companies make. Don't expect serious campaigns to have flashy banners and cool graphic design; it is pretty common for them to be only blocks of text.

But quick searches will show you several results. Most hacking forums with a marketplace are filled with people offering services. The skiddier, the more flashy threads you will find.

Thanks!
#8
Yeah, generally you'll find the skid-suppliers on places like hackforums and sinisterly. More low-key people are elsewhere. But if we told you where that was it wouldn't be very low-key XD
#9
Lol yeah. That'll be up to me to find those places. Found this forum with some Google search operators, shouldn't be too different unless it's a darknet site.
#10
(02-02-2021, 04:25 PM)ueax Wrote: Lol yeah. That'll be up to me to find those places. Found this forum with some Google search operators, shouldn't be too different unless it's a darknet site.

There are ways to perform OSINT on the Darknet as well though, if you want to try and find some underground marketplaces.

In the interest of transparency, I'll freely admit I don't have a lot of experience with DeepWeb/Darknet OSINT, but I find that for all things OSINT this resource is generally the best place to start.

[Image: osf-cleaned.jpg]

As to your original question, personally I am not in the business of selling malware or providing malware as a service. However, as DeepLogic said, it stands to reason that individual malware authors would prefer to sell to a broker in order to create some distance between them and the action, so to speak. I'd imagine the broker would want to buy the complete source code and then use that as the basis of their Malware as a Service enterprise. It would also stand to reason that the broker would want to sell a complete product to the end user. Not only because it's more user-friendly that way and opens up a bigger market of less skilled individuals that may be interested in such services, but also because in essence the broker bought the intellectual property from the original author and it would be in their interest to protect that intellectual property. The broker may even add their own obfuscation as well in order to protect that intellectual property.

There are, however, blackhat enterprises that function very much like any other enterprise, with in-house R&D, people that handle sales, tech support, and may offer many additional services such as methods of spreading the malware. They may for instance provide mail servers and email lists in order to spread the malware through MalDocs or what have you.

To conclude, it's not even a requirement to go full blackhat if you want to be successful by authoring and selling malware. You may remember Hacking Team? They had their own malware suites with extended customer support as well, much like the bigger blackhat enterprises. However, they sold their product to governments all across the world.