Security News

Cybercriminal Groups Now Selling Malware Kits To Amateur Hackers For Less Than $10: HP Report

Jay Fitzgerald

The amount of stolen data on the dark web is so huge that compromised system credentials are selling for under $5, the report says.


Cyber-criminal organizations have become so professionally proficient that they’re now selling malware kits to amateur hackers for less than $10 and compromised system credentials for under $5, according to a new security report released Thursday.

In “The Evolution of Cybercrime,” HP Wolf Security, the new security platform arm of HP Inc., says a team of its investigators, along with researchers from Forensic Pathways, spent more than three months investigating the dark web and the cybercriminals lurking there.

The researchers said they analyzed more than 35 million cybercriminal marketplaces and forum posts to better “understand how cybercriminals operate, gain trust, and build reputation,” HP said in a press release.


In general, researchers found what others have discovered as well: cybercriminal organizations are becoming increasingly more professional and business-like in the way they run their illegal operations, such as actually advertising stolen data and other ill-gotten materials on the dark web..

But HP researchers said they were surprised how professionally proficient cybercriminal organizations have become, such as setting up entire vendor platforms, or marketplaces, to sell an array of “products,” such as malware kits, sensitive stolen data, compromised system credentials and other items.

The cybercriminal world has become so competitive among sellers, with ever more stolen data and information, that some prices have fallen to bargain-basement levels, researchers say.

Researchers found that 76 percent of malware advertisements listed, and 91 percent of exploits (i.e. code that gives attackers control over systems by taking advantage of software bugs) retail for under $10 in the dark web.

The average price of compromised Remote Desktop Protocol credentials is just under $5. That’s less than what many Americans are paying for a gallon of gas today, HP said in its press release.

The vast majority of those products are being sold to amateur hackers who don’t possess advanced coding skills, the report found.

“Vendors are selling products in bundles, with plug-and-play malware kits, malware-as-a-service, tutorials, and mentoring services reducing the need for technical skills and experience to conduct complex, targeted attacks,” the company said in statement.

In a video conference with journalists and others on Thursday, Alex Holland, senior malware analyst at HP, said the low prices being charged for stolen digital items stunned researchers. “It’s really incredible,” he said.

The low prices perplexed researchers at first, he said. But then they realized it all comes down to the old-fashioned supply-and-demand principle of economics: The large number of sellers and huge amount of data for sale on the dark web has been driving down prices for some, though not all, items.

“It’s about supply – abundant supply,” said Holland.

Another finding from the report is that there seems to be a sort of “honor amongst cyber-thieves” approach to dealings on the dark web.

“Much like the legitimate online retail world, trust and reputation are ironically essential parts of cybercriminal commerce,” according to the HP statement.

The report found that 77 percent of cybercriminal marketplaces analyzed required a so-called “vendor bond,” or a license to sell, that can cost up to $3,000.

And most marketplaces provide “third-party dispute resolution” services and even vendor feedback scores.

Researchers also found that cyberhackers also target popular software, such as the Windows operating system and Microsoft Office, in order to “get a foothold and take control of systems.”

Dr. Mike McGuire, a University of Surrey lecturer who has studied cybercrime and who took part in the HP study, said in the HP video conference on Thursday that cybercriminals may be advertising their ill-gotten digital gains on the dark web.

But he said most nitty-gritty negotiations between cybercriminal buyers and sellers are conducted “behind the scenes,” on what he calls the “invisible ‘net,” such as through private and encrypted messaging services. 

Learn More: Cybersecurity
Jay Fitzgerald

Jay Fitzgerald is a senior editor covering cybersecurity for CRN. Jay previously freelanced for the Boston Globe, Boston Business Journal, Boston magazine, Banker & Tradesman,, Harvard Business School’s Working Knowledge, the National Bureau of Economic Research and other entities. He can be reached at

Sponsored Post