Man
Researchers from Resecurity have discovered a new marketplace on the Tor network aimed at developers and users of malware for mobile devices. InTheBox provides subscribers with web injections, either generic or custom-made; the use of such assistance, according to experts, helps criminals carry out attacks on 300+ financial institutions, payment systems, social networks and retail in 43 countries.
The first mention of InTheBox in large hacker communities dates back to January 2020. At that time, the operator of the new service offered its services for the creation of web injects only personally. Over time, trust in him as a developer grew, and the criminal enterprise turned into a fully automated marketplace.
Ready-made or custom templates for replacing the pages of online services in the browser can now be purchased by subscription, including an unlimited one (which allows you to generate an unlimited number of web injects during the paid period).
Web injections for Alien, Cerberus, Ermac, Hydra, Octopus, aka Octo, as well as Poison and MetaDroid are very popular. Ready-made templates can be used individually or in combination; by type, they are divided into the following groups:
* Authorization data — for stealing credentials;
* Ask only PIN — for stealing PIN codes;
* With Credit Card data — a form with additional fields for stealing bank card data;
* With Credit Card data + ATM PIN — with additional fields for entering card data and PIN code;
* Ask Full Data — to steal the victim's personal data.
Currently, InTheBox, according to researchers, offers more than 400 professionally executed web injections for attacks on Internet services in the United States, Great Britain and three dozen other countries. Imitations of online banking systems and crypto exchangers are in the greatest demand.
In other categories, fakes of ecommerce sites (Amazon, Alibaba, stylish clothing stores, car markets), social networks, instant messengers (WhatsApp), dating sites (Tinder), video conferencing platforms (Zoom) and streaming services (Netflix, Spotify) are available.
Information about the new powerful darknet service has been transferred to the global Center for Analysis and Sharing of Information between Financial Services (FS-ISAC), as well as to Google, since most of the malware supported by InTheBox is tailored for Android.