Report: buying your own malware has never been easier

Year after year, the number of cyberattacks and their overall damage has been steadily growing all around the world. One of the main factors behind this perpetual rise in cybercrime statistics is the incredibly low cost and high availability of off-the-shelf malware and ransomware sold on darknet marketplaces.

We decided to take a look at the underground message boards and marketplaces on the dark web and see for ourselves if buying and owning malware is really that easy and cheap – ranging from absolutely free to $50 for advanced software.

What we found exceeded our expectations far beyond what we initially anticipated. As it turns out, you don’t have to be a programmer or even have any specialized technical knowledge to buy or create malware. In fact, the entry bar is set so low that practically anyone can do it – all you need is an online wallet loaded with some Bitcoin.

Encrypted trojans that can remain undetected by even the most sophisticated antivirus systems? Custom-built ransomware tailored to your own specifications? Remote cybercrime courses for aspiring “online entrepreneurs”? It’s all there and available for would-be cybercriminals – for the right price.


In order to conduct this research, we visited 10 popular darknet marketplaces and analyzed the following:

  • Availability of malware programs for sale
  • The cost of the malware tools on offer
  • Availability of customer support for said tools

Summary of our results

  • Buying malware is incredibly easy – anyone can do it in mere minutes
  • Owning malware is cheap or even free: while the free tools are available but somewhat risky to use, advanced tools are available for as little as $50 on cybercrime forums that operate in the open
  • Customer support is usually offered with paid malware tools, including free updates and troubleshooting services

A thriving not-so-underground economy

In the many shadow markets of today, malware is easily bought, sold, and traded on websites that are basically dark web versions of Craigslist.

Some malware marketplaces are easy to find and open to anyone. Most of the malware tools sold in these entry-level websites are of inferior quality, made by neophyte hackers looking to make their names in cyberspace.

On the other end of the spectrum are invite-only message boards, accessible only via the TOR network and run by veteran Eastern European cybercriminals who offer high-grade products used by serious clientele.

Selling malware in the open

The would-be cybercriminals of today don’t need any technical knowledge. All they need to know is where to do their shopping.

One website, a so-called “world’s biggest link list for hacking and security boards,” offers a massive catalogue of online hacking communities and cybercrime forums where users can buy and sell malware, conveniently sorted by the language.

Dedicated malware marketplace sections on cybercrime forums are some of the liveliest sections of the message boards, with hundreds of thousands of posts openly discussing and trading malicious software tools and much more:

Cybercrime market section on a hacking message board

Unsurprisingly, malware marketplaces have their own culture of mistrust and suspicion. This means that for the vast majority of premium malware tools, things like trial versions and test drives are out of the question.

That’s why before releasing a new malware tool to the “public,” the developer usually gives away several advance review copies to trusted message board members for public and private feedback. Malware developers openly answer questions right there on the message boards, as well.

Malware developer Q&A on malware market message board

It’s safe to say that malware developers can come from many walks of life, but they typically hail from countries and regions where cybercrime legislation is not strictly enforced and talented, tech-inclined people don’t have many opportunities for gainful employment. This is why the global community has to begin taking malware markets seriously. Otherwise, these markets will continue to thrive, in one way or another.

Latest cyberthreats for sale

As we browsed the marketplaces, we found hundreds of malware programs and services for sale. Banking trojans, made for stealing people’s online banking credentials, are offered alongside ransomware builders, state-of-the-art modular malware bots, and much more. All complete with tech support that is available for free or a modest additional fee.

What follows are examples of the most popular categories of malware programs that we found for sale on darknet marketplaces.

Data stealers

Some of the most popular malware tools available, data-stealing Trojans can steal anything from passwords, cookies, history, and credit card data to chat sessions from instant messengers and pictures from webcams.

Price: $50-$150

Support: tech support available

Data stealer for sale on a malware market message board

Remote Access Trojans (RATs)

A Remote Access Trojan allows the attacker to essentially take over the victim’s system, including running and installing software, taking screenshots, toggling the webcam, and seeing everything the victim is doing in real time.

Price: $800-$1000

Support: tech support available

Warzone Remote Access Trojan for sale on a malware market message board

Some remote access trojans (RATs), such as Imminent Monitor (taken down by Europol in November 2019), are often promoted as legitimate remote administration tools in order to increase sales.

Modular malware bots

Modular malware bots include – and can selectively launch – different malicious payloads, depending on the target and the goal of the attack. From logging the victims’ keystrokes and stealing their passwords to hijacking cryptocurrency wallet addresses from their clipboards, modular bots will have most of a cybercriminal’s malware needs covered.

Barebones bot price from: $400-$600

Full-package price: approx. $2500

Support: tech support available

Modular malware for sale on a malware market message board

Banking trojans

Banking trojans disguise themselves as genuine software that users often download and install from piracy and torrenting sites. Once installed, banking trojans can access the user’s banking details and send them back to the attacker to grant them access to the victim’s bank account.

Price: approx. $5000

Support: tech support available

Banking trojan for sale on a malware market message board

Ransomware builders

Ransomware trojans take users’ devices hostage by encrypting their contents and demanding ransom to get your data back, payable only in cryptocurrency. While most ransomware developers in 2020 sell their product as a service, software for building one’s own ransomware is also available for sale.

Price: from $800 for 1 month, approx. $2500 lifetime subscription

Support: tech support available

Ransomware builder for sale on malware market message board

No skills or experience required

From what we’ve encountered on these marketplaces, almost all premium malware sellers provide buyers with in-depth tutorials and ideas about using their products for technically unskilled buyers.

For some, getting a manual along with a new thousand-dollar malware suite might be taken for granted. Surprisingly, on the cheap end of the spectrum, would-be cybercriminals don’t have to look far to find malware reviews and setup tutorials either – YouTube has them covered:

Malware setup tutorial on YouTube

As we can see, becoming a cybercriminal in 2020 is easier than it has ever been, especially for those who know what to look for. While there are several additional steps they’d have to take after buying their own malware package – such as paying $5-$25 for making their malware build undetectable by most antivirus programs (also known as “crypting”), setting up the tool on a bulletproof domain, and then actually spreading the malware – all the information is often just a Google search away.


Even though threat researchers and security experts at CyberNews have long been aware of the existence of malware marketplaces, becoming a malware owner is now cheaper and easier than ever.

As the underground malware economy continues to thrive, the ranks of cybercriminals will continue to grow at an increasing rate. While this outlook might seem rather pessimistic, hopefully it will force the cybersecurity industry to shift to a preventive approach, at least when it comes to anticipating and defending from malware attacks.

At the end of the day, a greater awareness of how malware is created and distributed can help both individuals and organizations understand the importance of evolving their defense strategy. When anyone can become a cybercriminal, we no longer have the luxury of taking a passive approach to cybersecurity.

Protect yourself online with our hand-picked digital privacy tools

Leave a Reply

Your email address will not be published. Required fields are markedmarked