Password Hacking Tool Custom Files
Numerous password cracking software tools are only a Google search away even on the normal web. Legitimately useful for improving server security by discovering weak passwords, they can also be used maliciously.
Requiring proper configuration for each target, enterprising hackers are selling files containing customized settings for pretty much any app or website you can think of, from email and social media to gaming and online shopping. Each one will typically set you back just $1.96. We collated a list of brands that we found with such files advertised but there’s many more appearing daily.
Keylogger
Simple yet effective software that captures every keystroke on your computer. Keyloggers can be installed a number of ways, including remotely, and are used by scammers to grab login credentials and fraudulently access online accounts. The average price on the dark web for keylogger software was just $2.07.
Phishing Pages
Phishing involves fraudulently attempting to obtain personal information by pretending to be a trusted entity, such as a popular website or financial institution.
Phishing has long been one of the most common ways cybercriminals steal both online account credentials and what’s known as “fullz”, or the full package of identifying information that enables identity theft.
We found that ready-made phishing pages for the world’s most popular consumer brands proliferate on the dark web, driving the price down to a near-uniform $2.07. We noted that the only brands to cost more than this were Apple, more than double the price at $5.11 and Netflix at $3.54 suggesting the greater value of their customers to scammers.
WiFi Hacking Software
This software is intended for testing and improving the security of your wireless network by brute forcing passwords and sniffing the data being broadcast. It may be illegal to use it on a network without permission from its owner but that won’t stop hackers determined to steal your data.
It’s possible to access such software for free on the normal web, so dark web vendors sell cheaply ($3) and tend to offer bundles including additional resources and even customer support to tempt buyers.
Bluetooth Hacking Software
The Bluetooth hacking software we discovered had a very specific purpose: to hack smartphones and call premium numbers, racking up the cost on victims’ accounts. The average cost was $3.48.
Note, the more typical type of Bluetooth hacking tends to be done via hardware gadgets sold on the clear web.
FBI/NSA Hacking Tools
The series of leaks of U.S. intelligence agency cybertools in recent years[1] has put some extremely powerful hacking tools in the public domain and arguably led to an increase in cybercrime. Massive bundles of this professional-grade software are being traded for the price of a beer ($5.64), despite notionally being worth thousands of dollars.
We discovered listings offering tools that among other things could:
- Retrieve deleted texts from smartphones
- Bypass lockscreens
- Find passwords to encrypted backups
- Extract data from cloud services
- Decrypt items protected by BitLocker, TrueCrypt and other encryption services
- Retrieve passwords from numerous applications
Cryptocurrency Fraud & Miner Malware
Cryptocurrency, such as Bitcoin or Monero, is very attractive to cybercriminals due to its potential for anonymous transactions and rocketing value. We found two types of malware relating to crypto: tools for either stealing it or creating it.
Malware, or malicious software, tends to be implanted on victims’ computers to cause mischief of some kind. The crypto fraud malware we found sells for $6.07 and promises to steal a target’s Bitcoin, currently trading at over $7,800 at the time of writing.
As there is no central bank issuing new notes, cryptocurrencies are instead created by “mining”, ie the performing of calculations required to verify transactions.[2]
It becomes exponentially more difficult to do this as miners compete to complete the calculations, so the more processing power you have, the more currency you can generate. One way to cheaply scale up processing power is to infect as many people as possible with mining malware and run the process in the background on multiple machines.
The malware we found was for Monero rather than Bitcoin as it’s less valuable – it was trading at $141 at the time of writing – and therefore easier to mine. Nevertheless, this malware commands an average of $73.74 on the dark web, and sometimes much more than that.
Hacking Software
This is a catch-all category that includes other kinds of hacking software not covered elsewhere in our index. It includes tools for checking credit card balances, phone passcode bypassers and a tool for hacking PCs via RDP (Remote Desktop Protocol).
Remote Access Trojan
This particularly nasty strain of malware allows a hacker to take full control of your computer. Not only can the hacker log all your keystrokes and access private files in order to commit identity theft and defraud you, but it’s unfortunately also common for voyeurs to use these so-called RATs for webcam spying.
We found several listings for the notorious and extremely powerful Blackshades RAT [3] that’s believed to have infected over half a million devices. This trojan also allows hackers to include infected computers in a botnet. We also found RATs for use on the Android operating system. The average cost for these powerful tools was just $9.74.
Anonymity Tools
Rookie hackers can pay to cover their tracks with a range of anonymity software tools that trade for an average of $13.19. These include custom web browsers, such as the heavily modified version of Firefox dubbed FraudFox VM,[4] and crypters, tools that disguise malware as benign files. We also found anonymous SMS and phonecall spoofers for use in scams, each costing less than $1.
Forgery Templates
We found a wide range of digital templates for bank statements, utilities, passports, pay stubs and driving licenses with detailed guides on how to use them effectively. The typical price for these digital files was $13.97, reflecting their value when used in combination with stolen personal data to open lines of credit.
Carding Software
When used with cheap and readily available hardware, this very powerful software allows con artists to clone credit and debit cards and changes hands for an average of $44.37. It sells for over $2,600 through official channels.
Password Hacking Software
We found a wide pricing spectrum for password cracking software. The most expensive was over $750 for a computer program designed to crack accounts at a popular Canadian loyalty program that’s already been the subject of a high-profile attack.[5] More common were programs designed to brute force passwords for social media, with Facebook and Instagram heavily targeted, and more general account crackers promising access to Netflix, Spotify and Amazon among others, costing well under $10.
Malware
Among the malware we found (costing $45 on average) were custom instances of ransomware that will lock up your computer, permanently encrypting its contents unless a ransom is paid. Vendors boasted that their malware was undetectable by antivirus and could be customized based on your own preferences. We also found the Blackhole exploit kit for sale, a method of spreading malware and once described as the most notorious malware of its kind.[6]
Fraudulent Accounts
A vital part of a successful cyber scam will often be a secure destination for the ill-gotten gains, whether that be an unsuspicious online payment account or a postal address with no connection to the fraudster. This is reflected in the relatively high cost of such items on the dark web at $145 on our index.
We found listings for Swiss Post accounts claiming to be fully verified and “not hacked – nobody knows about their existence, so you can use them securely”. We also found aged and verified Paypal business accounts and other similar accounts.
Cell Tower Simulation Kit
These kits may set you back up to $50,000 but they are incredibly powerful devices, known as IMSI-catchers or more colloquially as “stingrays”.[7] They are typically used by police and intelligence services to secretly intercept mobile phone traffic.
A hacker with a stingray could spoof a mobile phone tower sending out signals that forced nearby devices to connect, identify themselves and send texts and calls through the fake tower. This kind of dragnet would scoop up an incredible amount of data for a hacker to take advantage of.
Guides
Thanks to the dark web, lack of knowledge or technical experience is no barrier to successfully committing cybercrimes. Not only are the hacking tools themselves available for pocket change but manuals to committing these deeds are also similarly cheap and easy to access.
As well as step-by-step guides on how to hack accounts or infect people with malware, we also discovered exploits for sale. These listings were sometimes very expensive (over $9,000 in one instance) and promised to share details of vulnerabilities that would net the buyer many thousands of dollars profit.
Other more disturbing guides advertised methods for targeting the young userbase of popular video game Minecraft for infection with the remote access trojans discussed above.