Dark web drug markets use custom Android apps to avoid scrutiny

Darknet markets selling drugs and other banned substances attract increased attention from law enforcement agencies but find ways to evade scrutiny and increase privacy, a new report from Resecurity says.

Resecurity, an American cybersecurity company, says these markets have started to use custom Android apps. Besides ordering drugs, the apps allow clients to communicate with drug vendors and provide concrete courier instructions for delivery.

Researchers on Resecurity’s HUNTER team analyzed current trends and dynamics in the underground online economy. They say the recent takedown of Hydra Marketplace by Germany’s Federal Criminal Police Office has dealt quite a blow to the ecosystem and shaken the scene.

Fighting for brand recognition

“There is an oversupply of goods on the market right now. Hydra created an ecosystem. Everything you needed could be found there. For some, this provided new opportunities, but the restructuring of the market is always a problem for all participants,” one source told Resecurity.

According to the company, after Russia-linked Hydra, at that time the world’s largest darknet marketplace with 19,000 registered sellers and 17 million customers worldwide, was shut down and seized in April 2022, at least 10 dark web markets have risen to fill the vacuum.

For now, most of the new markets have been primarily fighting for brand recognition and a chance to bring on parts of Hydra’s orphaned user base.

According to Resecurity, those who benefited the most from Hydra's shutdown were RuTor, WayAway, Legalizer, OMG!, Solaris, and Nemesis. Over the past summer, these markets took in 795,000 new users altogether.

Just as importantly, vendors have started leveraging alternative digital channels: customized mobile apps and messaging platforms such as Telegram. Some notable underground actors have told customers to move to alternative communication channels as a security measure, given the increased activity by law enforcement.

“Due to the recent Hydra closure, we have created Telegram bots and increased the number of operators to service all of your cities. Check Telegram to receive the list of cities where we operate,” a post in Russian says on an Olymp marketplace site.

A post on the Olymp marketplace site. Courtesy of Resecurity.

Resecurity researchers say the significance of this new trend, in which customers are given a customized Android-based mobile app for purchases and secure communications, is that it increases operational security for threat actors.

“Bad actors control communications infrastructure, may easily destroy/wipe it, as well as get rid of mobile devices,” the report says.

New methods needed

Some of these mobile apps “have been recently observed by our experts on seized mobile devices by law enforcement – they belong to several suspects involved in drug trafficking and other illegal operations.”

After the closure of Hydra, underground shop owners also became more careful, Resecurity says. Some of them have masked their products and removed all public descriptions – this means that only vetted customers can see what they are selling.

"The mobile apps provide the ability to transfer details about successful drug orders, and they can also send geographical coordinates of the "package" left by the courier for further pick-up," explains Resecurity.

The company notes that criminal entities involved in drug trafficking continue to upgrade their tooling and advance their operations on the dark web. That’s why, according to Resecurity, the law enforcement community needs to develop new ways to monitor the illegal drug trade on the dark web and adjust its tactics to the dynamically changing threat landscape.

Major drug markets on the dark web are now worth around $315 million annually, according to the United Nations Office on Drugs and Crime (UNODC). Resecurity estimates this figure to be significantly higher in 2023, as the annual sales of illegal drugs on the dark web for 2022 exceeded $470 million.

It is the result of increased geopolitical tensions, global pandemics, and unprecedented growth of the shadow economy internationally, Resecurity says. The COVID-19 pandemic helped, too.
