COVID-19 tests, PPE and antivirual drugs find a home on the dark web

By | 5:13 AM Leave a Comment

Criminals have been quick to adapt to the global coronavirus pandemic. Sophos threat researchers have shown how cybercriminals have taken advantage of COVID-19 in myriad ways, and the FBI has warned us about criminals profiteering with advance fee and business email compromise scams.

But what’s happening on the dark web, the scene of so much illegal trade?

Empire Market is one of the most popular places to buy illegal goods on the dark web, transacting a little over $1,000,000 a week. It is also one of the few prominent dark web markets that hasn’t banned the sale of pandemic-related goods.

I went there to see what impact the coronavirus is having.

Antiviral drugs

Empire Market has over 52 thousand listings across 11 categories, but the Drugs & Chemicals category dwarfs the others by an order of magnitude.

While recreational and common prescription drugs are a mainstay on dark web markets, there are a number of medicinal drugs that have been touted as prospective treatments for COVID-19. I wanted to see if drugs like hydroxychloroquine, remdesivir, favipiravir, lopinavir and ritonavir were on sale.

In total, I found 49 listings for chloroquine or hydroxychloroquine on Empire market.

Hydroxychloroquine for sale on the dark web

(Three vendors have subsequently been banned from the market, and one vendor’s listing is currently unavailable.)

The vendor who posted the most ads for hydroxychloroquine on Empire, a total of 33, claims to have an unlimited supply and will sell you a whopping 9,000 pills for $1,194.

There was one listing for favipiravir, by a vendor who also offered hand sanitizer and an ‘asbestos protection kit’ re-purposed to protect against COVID-19.

The same vendor also had a listing for lopinavir and ritonavir, a combination antiviral commonly used for the treatment and prevention of HIV/AIDS, now being researched as a possible treatment for COVID-19.

I was only able to find two additional listings for the drugs lopinavir and ritonavir and only one verified sale.

Finally, there was one vendor who could allegedly provide this COVID-19-fighting mega-pack!

COVID-19 'mega pack' for sale on the dark web

Most of the drugs on offer appeared to be legitimate products manufactured by genuine pharmaceutical companies, but some were clearly scams.

Recreational drugs

On 30 May 2019, there were 24,569 listings in Empire Market’s Drugs & Chemicals category. A year later there are over 34,000. This amounts to a year-over-year increase of roughly 42%. Since markets make their money by taking a cut of every transaction, and for Empire this cut is 4%, that’s some healthy revenue growth!

With growth like that, the illicit drugs trade on the most popular dark web market doesn’t seem to have suffered during the pandemic.

What is new, however, is pandemic-themed sales.

Empire Market currently has many listings that feature either Coronavirus or COVID-19 as a reason for discounts in what looks like a once-in-a-lifetime Black Friday sale.

Coronavirus-themed sales on Empire Market

What’s unclear is whether these discounts were being offered because the vendors were afraid that business might dry up, or because they anticipated a dramatic surge in orders as a result of movement restrictions.

Diagnostics

Next, I started looking into other items that are only on the market as a direct result of the pandemic, starting with at-home COVID-19 rapid test kits.

COVID-19 testing kits for sale on the dark web

I found several examples of COVID-19 rapid test kits being offered on Empire and was able to identify that six of the nine different kits found are being legitimately manufactured (of course what – if anything – is actually delivered to you may be different).

One of the pictures provided an opportunity to do a bit more digging – the packaging in the photo featured a logo and a domain name.

The site it linked to seems to have existed under at least three different domain names since 9 March 2020. When I first visited the site it was also selling testing kits, and the same products were also available on a sister site with a similar name. All four domains associated with this seller were registered in March and three of them are a variation on the phrase “corona safe”.

I contacted the site for details about the testing kits, such as proof of certification and origin but did not receive a response.

Of course there’s nothing wrong with registering domains with the words corona or coronavirus in them, but it is a red flag. There has been an explosion in coronavirus-themed domain name registrations since the start of the pandemic, many of which are being used for malicious purposes.

The sites have since stopped offering at-home testing kits for sale, but their Facebook, Instagram and Twitter pages are still promoting them through a prize draw.

PPE

There is a smattering of listings for PPE (personal protective equipment) on Empire Market, most of which are for face masks. The masks varied in protectiveness from simple surgical masks to N99 masks. Prices ranged from tens of dollars for one mask to thousands for boxes of masks.

PPE for sale on the dark web

I also found two offers for hand sanitizer and one for a commercial disinfectant, but couldn’t find any gloves or gowns, except for the asbestos protection kit I mentioned above.

Whilst some of these may be scams, there is no doubt that many of them are real. Like many of the prescription drugs on offer, they will likely have been stolen from warehouses or diverted during shipping. And of course, any mask that’s for sale on Empire Market isn’t available for resource-strapped healthcare workers, and is driving up the price of what’s left of the limited supply PPE.

And of course, if these products are bogus, or sub-standard, the protection they offer may not be adequate and may put the wearer at increased risk.

Fraud

The pandemic-themed sales don’t only apply to physical goods like drugs, testing kits or PPE. Vendors of digital goods have also been getting on the coronavirus bandwagon. These vendors are selling access to guides on how to commit fraud.

Pandemic-themed digital goods on the dark web

Some of the offers are for products that will help you profit directly from the pandemic, rather than because of it.

These guides have always been available but now that everyone is spending more time at home, perhaps the vendors are hoping to cash in on the opportunity to enlist more remote workers. We cannot overlook the fact that many people have lost their primary income due to the pandemic and some may turn to running these scams simply as means to pay their mounting bills.

Conclusion

The impact of COVID-19 on Empire Market has been limited, in terms of the number of products being offered. However, it is one of the few prominent markets that has not banned the sale of pandemic-related goods outright and is apparently happy to profit from the coronavirus. As other markets are setting restrictions on the sale of many of the products featured above, for Empire Market, it’s business as usual.

Latest Naked Security podcast


from Naked Security https://ift.tt/3gxA2Ao

0 comments:

Post a Comment