The Role of the Dark Web in Malicious Apps Rise

The digital landscape has recently witnessed a surge in the number of malicious applications targeting unsuspecting users. These applications are typically disguised as legitimate applications, such as games, utilities, or productivity tools, to trick users into downloading and installing them. Once installed, they can perform a variety of harmful actions, from stealing personal information to causing financial loss or even taking control of the device. Based on a report from iClop, around 27,000 malicious applications are detected every day.

What are malicious apps and where can they be found?

Malicious apps are software applications designed with the intent to harm or exploit any device, network, service, or computer program. Online app stores, both official like Google Play and Apple App Store, and unofficial third-party online stores, are common places where users might inadvertently download these harmful apps.

In the following image, you can see a post from the renewed BreachedForums, where a threat actor offered to sell compromised assets from malicious apps.

What role does the dark web play in the surge of malicious apps?

The dark web has seen a growing interest in malicious apps. Cybercriminals frequent the dark web to buy, sell, or exchange information and tools related to these apps. You can see this trend in the next chart that illustrates the increase in the number of posts discussing malicious apps on the dark web since September 2023:

What information can be found about malicious apps on the dark web?

The dark web is rife with discussions about malicious apps. These discussions can be broadly categorized into:

1. Sales listings – Cybercriminals often sell malicious apps or tools to create them.
2. Guides and tutorials – There are numerous guides available that detail the creation and distribution of malicious apps.
3. Requests for collaboration – Some cybercriminals seek partners or experts to collaborate on developing more advanced malicious apps.

These discussions primarily occur in dark web forums and marketplaces, where anonymity is maintained, and transactions are often made using cryptocurrencies.

Discussions about malicious apps on the dark web

Example #1: Malicious gaming app that steals user data – offered for sale

The first example (seen in the next image) shows a post from the dark web marketplace AlphaBay, where a vendor offered a counterfeit Pokémon Go app embedded with a Remote Access Trojan (RAT).

This malware allows cybercriminals to control their victim’s device remotely, often granting them access to sensitive data, cameras, microphones, and more.

Example #2: A collaboration offer to develop a crypto-wallet stealing app

The following image shows a post where a threat actor shares his plan to create a cryptocurrency wallet app embedded with hidden admin privileges, aiming to illicitly access and steal user funds.

The post was taken from the underground forum Dread, and the image is from our Cyber API.

What’s next?

The malicious app trend is expected to continue evolving, and the dark web will continue to play a pivotal role in developing more powerful harmful apps. Monitoring discussions on the dark web, with providers like Webz.io, is crucial to staying one step ahead of these threats. By keeping an eye on these discussions, organizations can gain insights into emerging threats and take proactive measures to protect their personnel and their business from these threats.