The Role of the Dark Web in Malicious Apps Rise

The digital landscape has recently witnessed a surge in the number of malicious applications targeting unsuspecting users. These apps are typically disguised as legitimate software, such as games, utilities, or productivity tools, to trick users into downloading and installing them. Once installed, they can perform a variety of harmful actions, from stealing personal information to causing financial loss or even taking control of the device. According to a report from iClop, around 27,000 malicious applications are detected every day.

What are malicious apps and where can they be found?

Malicious apps are software applications designed with the intent to harm or exploit any device, network, service, or computer program. Users can inadvertently download them from online app stores, both official ones such as Google Play and the Apple App Store and unofficial third-party stores.

In the following image, you can see a post from the renewed BreachedForums, where a threat actor offered to sell compromised assets from malicious apps. 

A screenshot from BreachedForums where an actor is offering compromised assets from malicious apps

What role does the dark web play in the surge of malicious apps?

The dark web has seen a growing interest in malicious apps. Cybercriminals frequent the dark web to buy, sell, or exchange information and tools related to these apps. You can see this trend in the next chart that illustrates the increase in the number of posts discussing malicious apps on the dark web since September 2023:

Mentions of malicious applications across the deep and dark web (data taken from Webz.io's Cyber API)

What information can be found about malicious apps on the dark web?

The dark web is rife with discussions about malicious apps. These discussions can be broadly categorized into:

  1. Sales listings – Cybercriminals often sell malicious apps or tools to create them.
  2. Guides and tutorials – There are numerous guides available that detail the creation and distribution of malicious apps.
  3. Requests for collaboration – Some cybercriminals seek partners or experts to collaborate on developing more advanced malicious apps.

These discussions primarily occur in dark web forums and marketplaces, where anonymity is maintained, and transactions are often made using cryptocurrencies.

Discussions about malicious apps on the dark web

Example #1: Malicious gaming app that steals user data – offered for sale

The first example (seen in the next image) shows a post from the dark web marketplace AlphaBay, where a vendor offered a counterfeit Pokémon Go app embedded with a Remote Access Trojan (RAT).

A post showing a vendor offering a fake Pokémon Go app on the darknet marketplace AlphaBay (image taken from Webz.io's Cyber API)

This malware allows cybercriminals to control their victim’s device remotely, often granting them access to sensitive data, cameras, microphones, and more. 

Example #2: A collaboration offer to develop a crypto-wallet stealing app

The following image shows a post where a threat actor shares his plan to create a cryptocurrency wallet app embedded with hidden admin privileges, aiming to illicitly access and steal user funds.

A hacker showing interest in developing a crypto wallet app that can steal user funds (image taken from Webz.io's Cyber API)

The post was taken from the underground forum Dread, and the image is from our Cyber API. 

What’s next?

The malicious app trend is expected to continue evolving, and the dark web will continue to play a pivotal role in the development of more powerful harmful apps. Monitoring discussions on the dark web, with providers like Webz.io, is crucial to staying one step ahead. By keeping an eye on these discussions, organizations can gain insight into emerging threats and take proactive measures to protect their personnel and their business.

Yhonatan Harari

Cyber Analyst
