A Threat Called Malice: Cybercriminals Walk a Dark Gray Line


Cybercriminals are finding it too easy to hack in with Malice (photo credit: Yeshi Kangrang on Unsplash)

Cybercriminals operate in the shadows and prey on unsuspecting individuals. The latest major network exploit our threat researchers have been investigating is called “Malice.” It provides fraudsters and everyday people with tools and resources for committing witting and unwitting cybercrimes.

Malice has garnered a significant following, with over 50,000 members and nearly 30,000 Twitter followers. The network operates by exploiting vulnerable individuals through social media, recruiting them into its network as cybercriminals and offering access to resources such as virtual credit cards, proxy providers and bots for $60 per month. These resources allow Malice members to bypass security measures put in place by merchants and enable easy bot attacks.

What is Malice?

Malice is the latest example of a trend that took off in a big way in 2022: Cybercrime-as-a-Service (CaaS). We’ve observed it firsthand. Until last year, attackers were primarily single fraudsters using automated attacks, like malicious bots, going after specific high-value targets. That has changed, dramatically. Even this early in 2023, our threat research and SOC teams are battling these organized CaaS “businesses.” They are attempting to attack merchants as a proxy on behalf of individual fraudsters.

We’re not talking about one or two attacks; our team sees them rise and fall like dominos. When a CaaS “business” realizes its services are defeated, new efforts are spun up. The next cadre of cybercriminal developers take the reins and then fail. This creates a massive “rinse and repeat” cadence of automated volumetric attacks.

Malice: A “Gateway Drug”

Malice and its CaaS brethren have created a very low barrier to entry for anyone with an inkling to profit by illegal means. In particular, it’s a gateway drug for cybercriminals. On the other side of the coin, merchants now face a very high barrier to entry for in-house security efforts. This is due to the easy availability of these extremely advanced off-the-shelf CaaS solutions.

One particularly concerning aspect of the network is its ability to exploit legal loopholes to operate without facing consequences. Malice is wily, operating in a very (dark) gray area. While it isn’t building bots and deploying attacks itself, it provides the resources to train and make it easy for anyone to use them. This makes Malice a highly dangerous adversary of merchants and consumers, who don’t realize what they’re doing may be illegal.

Examples of Malice

Malice has been known to profit off high-value items such as concert tickets and new sneaker releases. Recently, a popular artist announced a tour where ticket prices ranged from $75 to $300. Many cybercriminals in the Malice network saw an opportunity for a quick profit. With the help of its resources, they fraudulently purchased tickets, which were then resold at much higher prices, some going for as much as $1,200. And that runs afoul of the BOTS Act, which was signed into law in 2016.

Malice also seeks out collectible items to resell for a profit. The group’s access to resources such as bots and proxy providers allows members to buy up items as soon as they’re released, often before the general public.

One example of this is the recent release of a popular new sneaker retailing for $130. With Malice’s resources, members were able to get real-time alerts on their phones about the sneaker’s release. This granted them direct access to the product as soon as it went live. They were then able to buy up and resell the sneakers for up to $1,000.

Another example is Legos. Malice told members to buy the new Lego Eiffel Tower set that came with a free, collectible gift. They were told to return the set and keep the collectible gift for two to three years and sell it after the value spiked.

The Cost of Malice

Malice causes major losses for businesses that have to refund fraudulent purchases or absorb the costs of chargebacks. Additionally, the time and resources needed to investigate and resolve fraudulent activity are very costly and hit the bottom line. Malice’s actions also damage a merchant’s reputation, affecting customers’ trust in their ability to protect PII and financial information.

Malice is a well-organized community, providing members with a variety of resources to help them carry out cybercrimes. These include video walk-throughs and detailed guides on how to commit fraud and other illegal activities. Malice members then exploit unsuspecting individuals and turn them into fraudsters. Businesses lose money, and unknowing people commit crimes they may not have otherwise considered.

To protect against Malice and other similar groups on the dark web, be aware of the threat and take steps to safeguard yourself and your customers. This may include implementing strong security measures, monitoring for unusual activity and educating employees and customers about the dangers of cybercriminals. By staying vigilant and proactive, you can help protect yourself and your customers from these dangers.

Kevin Gosschalk is founder and CEO of Arkose Labs