Best Top Reviews Online

The Largest Mobile Malware Marketplace On The Dark Web Poses A Global Threat To Users

Researchers in cybersecurity have uncovered a darknet marketplace called InTheBox that caters specifically to mobile malware operators.

Since at least January 2020, the actor behind the criminal storefront is believed to have been selling more than 400 custom web injects organized by geography to other adversaries seeking to launch their attacks.

“The automation enables other malicious actors to place orders for the most recent web injects for use in mobile malware,” Resecurity explained.

“InTheBox is the largest and most likely the only company in its market category to provide high-quality web injects for prevalent forms of mobile malware,”

Web injects are financial malware packages that utilize the adversary-in-the-browser (AitB) attack vector to serve malicious HTML or JavaScript code in the form of an overlay screen when victims launch a banking, crypto, payments, e-commerce, email, or social media app.

These pages typically resemble a legitimate bank login page and entice unsuspecting users to enter sensitive information such as credentials, payment card data, Social Security numbers (SSN), and card verification values (CVV), which are then used to compromise the bank account and commit fraud.

InTheBox is accessible via the Tor anonymity network and offers a variety of web inject templates for sale, with the listing accessible only after the administrator has verified and activated the customer’s account.

Web injects can be purchased for $100 per month or at the “unlim” tier for an unlimited number of injects during the subscription period. Costs for the unlimited plan range from $2,475 to $5,888 depending on the trojans supported.

Alien, Cerberus, ERMAC (and its successor MetaDroid), Hydra, and Octo are among the Android banking trojans supported by the service, the California-based cybersecurity company said.

The majority of high-demand injects are associated with payment services, such as digital banking and cryptocurrency exchangers, according to researchers. “During November 2022, the actor arranged a significant update of approximately 144 injects to improve their visual design.”

Cyble disclosed a new malware-as-a-service (MaaS) operation called DuckLogs, which costs $69.99 for lifetime access and gives threat actors the ability to harvest sensitive data, hijack cryptocurrency transactions, and remotely take control of machines.

Why Trust Us?

Best Top Reviews Online was founded in 2018 to provide our readers with thorough, unbiased, and independent advice on what to buy. We now have millions of monthly users from all over the world and evaluate over 1,000 products per year.

The article above was written by the BestTopReviewsOnline team, which includes many of the US’s most knowledgeable technical experts. Our team includes well-known writers with extensive experience in mobile phones, computing, technology, photography, and other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus
380K Kubernetes API Servers Exposed to Public Internet

May 20, 2022

More than 380,000 of the more than 450,000 servers hosting the open-source container-orchestration engine for managing cloud deployments permit access in some form. Researchers have discovered that more than 380,000 Kubernetes API servers provide access to the public internet, making…

Get more info



Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to As an Amazon Associate I earn from qualifying purchases.


Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of