loader gif

Cryptocurrency-stealing malware are making a big splash on the dark web

Bitcoin, Bitcoins, Finance, Coin, Technology, Stock Exchange, Vertical, Macro, Bit-coin, Shopping, Business, Arrangement, Horizontal, Close-up, Virtual Money, monetary, crypto, btc, Internet, Symbol, Sign, Digitally Generated Image, On Top Of, Modern, Metal, Coding, Banking, Electronic Banking, Large Group of Objects, No People, Photography, Cyberspace, Stock Market, Bunch, Paying, E-commerce
  • 34,000 cryptocurrency-related products found available on Dark Web with most specifically designed for amateur cyber actors.
  • Cryptocurrency exchanges found most vulnerable to attacks.


The dark web is a thriving underground world filled with illegal trades of malware, hacking tools and more. However, like any successful business platform, the dark web’s popular products evolve and shift with time.

Given the recent rapid rise of the value and popularity of cryptocurrencies such as Bitcoin, Monero and Ethereum among others, security researchers believe that cryptocurrency-stealing malware have now become the most sought-after products in the dark corners of the underground cybercrime souk.

According to a report by Carbon Black, around 12,000 dark web markets are now selling over 34,000 cryptocurrency-related products and services.

“These malware offerings range widely in price, from as low as $1.04, to as high as $1,000 per offering. The average listing price was $224, while the “sweet spot” for pricing was around $10,” Carbon Black researchers said in their report.

Researchers believe one of the reasons behind this rise in popularity is likely connected to the fact that all of the products and services offered are designed such that they can easily be used by amateur cyber actors looking to make “a quick buck from highly vulnerable victims”.

Preferences shift from Bitcoin to Monero

Although Bitcoin is still the most sought after cryptocurrency for conducting transactions, cybercriminals are now refocusing on alternative cryptocurrencies such as Monero, which is now used in 44% of all attacks, researchers said.

“While Bitcoin is king, our research revealed that cybercriminals shy away from Bitcoin when conducting illicit activity or accepting payments,” Carbon Black researchers noted.”The reason for this is simple: associated fees are too high, transactions take too long to process and criminals fear losing their ill-gotten gains. These cybercriminals appear to prefer Monero due to privacy, non-traceability and comparatively low transaction fees.”

Who’s being targeted?

Researchers believe that targets of cryptocurrency-related cybercrimes are selected based on their vulnerability status rather than their location. However, there are some location-specific hotspots across the globe where most cryptocurrency-related malicious activities have taken place over the past six months. The US, China, UK, Japan and India are among those countries where attacks were detected the most.

Cryptocurrency exchanges are some of the most vulnerable targets with 27% of all attacks having targeted exchanges. “These exchanges represent prime targets for cryptocurrency theft, fraud and harvesting of user information for follow-on targeting by these same criminals,” Carbon Black researchers said.

The report also stated that 21% of cryptocurrency attacks targeted businesses and 7% of attacks targeted various governments, using the same tactics, techniques and procedures (TTPs) that found leveraged in attacks targeting the private industry as well.

“We expect to see cryptocurrency theft and illicit mining activity expand in the mid-to-long term as security mechanisms and user awareness slowly catch up to the evolving threat,” Carbon Black researchers said. “These cryptocurrencies represent an alternative and lucrative funding stream, which is especially true for criminals, as well as nation-states desperately seeking to subvert sanctions. TTPs will evolve and adapt quickly, along with the dark web marketplaces that fuel the illicit economy. As attackers evolve, so must defenders.”

loader gif