A hacker group named InTheBox has listed nearly 2,000 Android phishing kits that can breach banking accounts and crypto exchanges for sale on the dark web.

me

 

A hacker group named InTheBox has listed nearly 2,000 Android phishing kits that can breach banking accounts and crypto exchanges for sale on the dark web. 

 Injects from these kits are being sold for as little as $30.


  • InTheBox has sold Android mobile application web injects since February 2020 and operates a Tor-based online shop for web injects.
  • The list of web inject packages that are being sold online has:
    • 814 web injects compatible with Alien, Ermac, Octopus, and MetaDroid for $6,512.
    • 495 web injects compatible with Cerberus for $3,960.
    • 585 web injects compatible with Hydra for $4,680.
  • The threat actor also offers custom web inject packages that can be used to deploy banking malware bots and steal financial information from victims. 
  • InTheBox's injects check the validity of the credit card numbers entered by victims using the Luhn algorithm.
  • These inject packages can be used to target organizations in 44 countries.

Post a Comment

Previous Next

Contact Form