See which types of malware sell best, how their asking prices fluctuate with demand, and why these trends matter.
When analysts from a cybersecurity firm examined the sales volumes of various malware families occurring between 2015 and 2022 via Dark Net discussion forums, posts and search ads (among other avenues of cybercriminal communications), ransomware sold via Malware-as-a-Service (MaaS) business models were found to be the most popular.
During the period of analysis, ransomware accounted for 58% of all malware families distributed under the MaaS model, likely due to the malware’s ability to generate higher profits in a shorter space of time than other types of malware. However, entering the program is no simple task, as it entails meeting rigorous requirements.
Under typical MaaS arrangements, cybercriminals can “subscribe” to Ransomware-as-a-Service (RaaS) for free. Once they become partners in the program, they pay for the service after the attack happens. The payable amount is determined by a percentage of the ransom paid by the victim, typically ranging from 10% to 40% of each transaction.
According to Alexander Zabrovsky, Digital Footprint Analyst, Kaspersky, which disclosed the research into MaaS: “Cybercriminals actively trade illicit goods and services, including malware and stolen data, over the shadow segments of the internet. By understanding how this market is structured, companies can gain insights into the methods and motivations of potential attackers.”
Two other popular MaaS vectors
After ransomware, Infostealers were the next most popular, accounting for 24% of malware distributed as a service over the analyzed period. Infostealer services are paid through a subscription model priced between US$100 and US$300 per month. For example, Raccoon Stealer, which was discontinued in early February 2023, could be acquired for US$275 per month or US$150 per week. Its competitor, RedLine, is priced at US$150pm, and there is also an option to purchase a lifetime license for US$900 dollars.
After infostealers, 18% of malware families being sold as a service are botnets, loaders, and backdoors. These threats are combined into one group since they often have a common goal: to upload and run other malware on the victim’s device.
“For instance, the price of loader Matanbuchus tends to vary over time. The price in June 2023 starts from US$4,900 per month. This type of malware is more expensive than infostealers: for example, the malicious code itself is more complex, and the operator provides all the infrastructure, meaning the partners don’t have to pay extra for bulletproof hosting services when they use Matanbuchus. It is worth noting that the number of subscribers to Matanbuchus is very limited, allowing attackers to remain undetected for a longer time,” Zabrovsky added.