InTheBox market sold Android phishing forms to numerous hackers

February 15, 2023

Researchers have classified InTheBox as the most prominent dark web marketplace after its discovery in December last year. In January two years ago, this marketplace introduced itself as a fully automated product marketplace in different cybercriminal communities.

Based on reports, this malicious store offers custom web injects for various mobile malware strains. Hence, researchers conducted investigations to obtain additional details about this cybercriminal environment.

 

InTheBox sells more than 1,800 Android phishing forms to its customers.

 

InTheBox market promotes an inventory that contains nearly 1,900 web injections on Russian cybercrime forums. These hostile web injections could be purchased by threat actors looking to execute malicious attacks such as credential theft and data harvesting from different entities such as banks, crypto applications, and eCommerce.

The marketplace’s overlays support multiple Android banking trojans and spoof apps run by different organisations worldwide.

The web injects initially targeted organisations from different territories in South America, Australia, and the United States. Unfortunately, the scope of their service widened as the marketplace expanded to more than 40 countries.

As of last month, InTheBox endorses 814 web injects that are compatible with Metadroid, Alien, Ermac, and Octopus for $6.5 million. On the other hand, web injects that support Cerberus attacks are nearly $4,000, and web injects that are compatible with Hydra cost about $5,000.

However, customers not willing to purchase the entire package could buy individual web injects for about $30.

Currently, threat actors could focus on other parts of their malicious campaigns since there is an abundant source of low-cost web injects. Thus, they could prioritise building their malware and expanding their threat landscape.

A further benefit of these injects is that they can check the legitimacy of credit card numbers given by the targets using the Luhn algorithm, which helps Android trojan actors filter out irrelevant information.

Cybersecurity experts suggest that users follow standard cybersecurity hygiene practices to protect themselves against such threats. Users should minimise downloading, installing, and upgrading software from untrusted sources.

In addition, users should enable Google Play Protect on their Android devices to mitigate the chances of getting infected by sketchy apps.
