Security Experts:

Connect with us

Hi, what are you looking for?



Pandemic-related Supply Chain and Money Laundering Woes in the Dark Web

Researchers have trawled the dark web to see how the underground is responding to the COVID-19 pandemic. The callous criminal effect has been obvious in the rise of corona-themed scams, phishing and malware — but individuals, shops and supplies in the underground are just as affected as their legal counterparts.

Researchers have trawled the dark web to see how the underground is responding to the COVID-19 pandemic. The callous criminal effect has been obvious in the rise of corona-themed scams, phishing and malware — but individuals, shops and supplies in the underground are just as affected as their legal counterparts.

Researchers from Trustwave have found that the underground mirrors the overground — some people seek to make money from the crisis, others ignore it, and still others offer genuine help, information and advice to forum members. Virtual shelves in the shops are stocked with new products, from disinfectants to masks at $10 each (almost certainly a scam), and even coronavirus vaccines (certainly a scam).

At least two vaccines were found. One, from a current stock of five, was offered for $120. The second was offered for ‘only’ $5,000 (with a ‘cure’ offered at $25,000). The higher-priced vaccine was supposedly from someone with access to an Israeli lab that is mass-producing it for distribution in the next ten months. But it is strictly payment (in bitcoin) before delivery: “There is no way to be in contact with me before buying. After the payment I will send you an email about the delivery process.” It mimics what seems to be a common attitude in the darknet: ‘why shouldn’t we take money from fools?’

But heartfelt advice is also offered, such as ‘Please don’t use your iPhone to self-diagnose COVID-19… I have seen one too many stories this weekend about seemingly healthy, young people being hit with COVID-19 and dropping dead within a week’s time…’. A specialist Cannabis store announced it was temporarily closing, and provided a link to harm reduction advice for substance users: “Be prepared for involuntary withdrawal… stock up on things you may need to manage your substance use and practice harm reduction.”

Even the ethics of making money off the crisis is questioned: “How do you feel about people who earn panic around the coronavirus (fake announcements on Avito, phishing, etc)?” The first response was, “To speculators and scammers, negatively.” But then, highlighting the nuanced attitude towards ethics that seems common in the underground, this person added that it wasn’t always wrong in all circumstances.

And just like the rest of us, underground forum members are hungry for genuine information. In one case a member had heard chatter on Facebook and WhatsApp “that the Irish Govt will be shutting down the country very suddenly from Monday morning.” Concerned about fake news, he asked, “Has anyone got some solid evidence of what’s going to happen in Ireland?”

Elsewhere, other underground members have tried to ease the stress of lockdown by sharing multiple links to free online exhibitions, courses and libraries — even with the warning, “Be careful – some services may deduct the full cost of a subscription after a free period.”

Perhaps the biggest single problem for the underground has been a similar shock to business. Some shops have closed while others struggle to maintain the supply chain on one side, and customers on the other. Some have taken a gung-ho attitude: “We are not afraid of corona epidemic. We are working!”

Others are more cautious. One asks for customers’ patience over slightly delayed deliveries, “so I can limit my time outdoors. Stay safe everyone! Wash your hands!” The same store warns of the longevity of the virus on certain surfaces. While stressing that the store owner wears gloves and a mask and uses alcohol when packing, he comments, “it would probably be wise to not eat your mushrooms for 9 days just to be safe.”

Money laundering through illiquid goods has suffered through the worldwide reduction in the circulation of goods. A common approach from the underground traders has been to carry on, but with new conditions. One approach is to continue trading, but at a reduced price for the goods. Another has been to switch payment from the receipt of the goods to the onward sale of the goods.

The picture of the dark web underground painted by Trustwave’s research shows an almost exact mirror of ‘legitimate’ society. It is a sub-culture of human beings responding to the pandemic and its effects in a manner similar to our own, but without the inhibition of respecting the law, and with a different view of morality and ethics. Like everyone else, they seek to counter a reduction in income by exploring other avenues to earn some money. Many are concerned over the welfare of their fellows. Some discuss the ethics of using a global crisis to scam people, while others believe there is little wrong in taking money from fools regardless of the circumstances.

But however humanizing this research may be, it is important to remember that for every member of the underground reacting in a manner that might seem reasonable, there are many others who are using pandemic fear for phishing, scamming, and malware distribution.

Related: Hacker ‘Ceasefire’ Gets Little Traction as Pandemic Fuels Attacks 

Related: A Guided Tour of the Asian Dark Web 

Related: Keeping it on the Down Low on the Dark Web 

Related: Meet Kilos, a New Search Engine for the Dark Web 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.


Cybercriminals earned significantly less from ransomware attacks in 2022 compared to 2021 as victims are increasingly refusing to pay ransom demands.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.