AV Evasion Tools Skyrocket on Dark Web Markets


2024 saw a surge in commercial advertising for cryptors, tools designed to obfuscate malware code. Cryptor developers have actively incorporated advanced evasion techniques into their malware arsenal, making detection increasingly challenging for security solutions. 

The market for these tools remains steady, with prices ranging from $100 to $20,000. A notable trend is the growing popularity of premium private cryptors over public offerings.

2024 also saw a steady supply of "loader" malware, ranging from affordable mass-distribution tools to high-priced, custom-built solutions. The latter are often written in multiple languages, such as C++ and Go, and offer diverse functionality.

Figure: Examples of loader offers

Threat actors are increasingly seeking specialized loaders to execute precise infection chains. This aligns with earlier predictions and underscores the evolving sophistication of underground malware markets.

2024 also saw a significant rise in crypto asset-draining services on dark web markets. These malicious tools, designed to steal digital assets such as tokens and NFTs, were actively promoted and discussed on platforms like Telegram.

Drainer developers continuously updated their tools to support new crypto assets, and the emergence of the first mobile drainer highlighted the expanding threat landscape. 

Figure: Dark web post containing links directing potential collaborators to Telegram

Black traffic schemes remain prevalent on underground markets, with cybercriminals leveraging deceptive ads on mainstream platforms to distribute malicious landing pages.

This trend underscores the effectiveness of such tactics for reaching a wider audience and delivering malware. Conversely, the market for cryptocurrency cleaning services remained relatively static, with established providers maintaining their dominance.

Predictions for 2025:

Cybercriminals are increasingly targeting third-party contractors to gain access to sensitive corporate data. By compromising a supplier's systems, attackers can infiltrate the infrastructure or databases of multiple organizations at once. This approach, exemplified by groups like IntelBroker, is expected to escalate in 2025 and could lead to widespread data breaches.

The dark web is witnessing a surge in the sale of stolen databases, often involving repackaged or fabricated data to generate hype and damage reputations.

Figure: Profile of the actor named IntelBroker on a popular dark web forum

Cybercriminals, facing increased scrutiny and bans on Telegram channels, are migrating back to dark web forums. To attract users, these forums are enhancing their features, including automated services, dispute resolution, and security measures. 

Law enforcement’s successful operations against cybercrime groups in 2024 will likely drive threat actors deeper into the dark web, leading to the emergence of closed and invitation-only forums.

Cybercriminals are also increasingly targeting cryptocurrency users with specialized malware, such as stealers and drainers, to steal sensitive information and crypto assets. The malware-as-a-service (MaaS) model lowers the barrier to entry, making these attacks accessible to less skilled actors.

Figure: Examples of traffer searches for drainers

Ransomware groups are also fragmenting, making them harder to track. At the same time, leaked malware source code and data leak site (DLS) source code enable low-skilled cybercriminals to build their own tools and infrastructure, further exacerbating the threat landscape.

According to Securelist, cybersecurity threats are escalating in the Middle East, driven by both hacktivism and ransomware. Hackers motivated by geopolitical tensions are shifting tactics from simple DDoS and defacement to more severe data breaches and system compromises.

Meanwhile, ransomware attacks have surged in the region, with the number of victims increasing significantly in the first half of 2024. This trend is expected to continue, posing a significant risk to critical infrastructure and businesses in the Middle East.


Author: Kaaviya (https://cyberpress.org/)

Kaaviya is a Security Editor and fellow reporter with Cyber Press. She covers various cyber security incidents happening in cyberspace.
