Thanks to the buzz generated over the widespread adoption of the decentralized P2P based E-currency, Bitcoin, we continue to observe an overall increase in international underground market propositions that accept it as means for fellow cybercriminals to pay for the goods/services that they want to acquire.

In this post, I’ll profile yet another recently launched E-shop selling access to thousands of malware-infected hosts, which compared to the previous E-shops that we’ve profiled, is directly promoting the use of ransomware, click fraud facilitating bots and bitcoin mining tools on the malware-infected hosts purchased through the service.

More details:

Sample screenshot of the international underground market advertisement of the E-Shop:


The price for international malware-infected hosts is either $5 or $8 for a 100 hosts. The price for 500 malware-infected hosts is either $20 or $40, and the price for a 1000 international malware-infected hosts is either $30 or $60, based on the type of access that the customer requires. The shop is also exclusively offering access to U.S based hosts, which, as always, command the highest prices of the Eshop. 100 hosts go for $20, 500 hosts go for $70, and 1000 hosts go for $120. The service accepts Bitcoin, Litecoin, Perfect Money and Web Money, with Perfect Money and Web Money being the primary payment methods for the majority of Russian/Eastern European cybercrime gangs.

The cybercriminals behind the service are also attempting to apply Quality Assurance to this international underground market proposition by ensuring their potential customers that once a malware-infected host gets sold to them, it will not be resold to someone else. Combined with the ability to install virtually any kind of additional malware in an attempt to monetize the access to the compromised hosts, there’s a high probability that the E-Shop will succeed in the early stages of its launch.

Do the cybercriminals that accept Bitcoin do it with OPSEC (Operational Security) in mind, or are they basically riding on the buzz wave surrounding E-currency? It’s surreal to think that these novice cybercriminals are OPSEC-aware, taking into consideration the fact that in addition to these virtual currencies, they continue to accept PayPal for their cybercrime-friendly products and services. For example, this E-shop also accepts PayPal from trusted and respected community members only.

As always, we’ll keep an eye on more E-shops selling access to malware-infected hosts and post updates as soon as we come across to the next one.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.

Blog Staff

About the Author

Blog Staff

The Webroot blog offers expert insights and analysis into the latest cybersecurity trends. Whether you’re a home or business user, we’re dedicated to giving you the awareness and knowledge needed to stay ahead of today’s cyber threats.

Share This