COVID-19 , Cybercrime , Fraud Management & Cybercrime

Darknet Markets Push Fake Coronavirus Vaccines, Test Kits

A New Study Shows Shady Markets Are Attempting to Capitalize on the Pandemic
Darknet Markets Push Fake Coronavirus Vaccines, Test Kits
This photo illustration accompanied a false advertisement on a darknet forum for a COVID-19 vaccine.

Researchers are seeing a spike in opportunism by fraudsters and cybercriminals seeking to profit from the COVID-19 crisis. Underground online markets are offering a range of pandemic-related goods, from face masks to fraudulent vaccines.

See Also: OnDemand | Overcoming the Limitations of Addressing Insider Threat in Banking: Real Solutions for Real Security Challenges

An advertisement on an underground online market that offers everything from LSD to semi-automatic rifles features a $400 "vaccine" for COVID-19 that ships from the U.S.

Scientists have embarked on an unprecedented worldwide effort to develop a vaccine or treatment regime, but have cautioned that development could take many months.

Study of Darknet Sites

A new Australian study released on Thursday is based on an investigation 20 darknet markets that was designed to gauge the opportunism around the pandemic. Darknet sites are set up as Tor hidden services. Such websites have a “.onion” URL and require use of the Tor browser, which is designed to provide greater anonymity while browsing by routing encrypted browsing requests through servers around the world.

The Australian Institute of Criminology’s study

The investigation, conducted by the by the Australian Institute of Criminology, found more than 200 listings for pandemic-related products, which include sought-after personal protective equipment, anti-viral medicine and other pharmaceuticals that have been floated as possible treatments for COVID-19.

The growing darknet activity that cybercrime analysts have seen is attempting to capitalize on the anxiety and confusion related to the pandemic. The activity includes profiteering, or the selling goods far above market value; the sale of fraudulent goods; as well as phishing campaigns and efforts to exploit the unprecedented work-from-home environment.

Earlier this month, Europol warned in a report that “this pandemic brings out the best but unfortunately also the worst in humanity.”

Darknet markets on Tor “are frequently used as a litmus test of illicit drugs and malware trends, as well as criminal novelty and entrepreneurship more generally,” says the Australian study, written by Roderic Broadhurst, a professor of criminology at Australian National University, along with Matthew Ball and Chuxuan Jessie Liang. “Crime follows opportunity, and the COVID-19 pandemic offers profiteering arising from shortages and fear."

What's for Sale?

The researchers studied the 20 sites on April 3, using a web crawler designed for Tor sites.

COVID-19-related products still represent only about 1% of what’s offered on the markets, according to the study. Just three of the darknet markets account for 85 percent of the more than 200 COVID-19-realted listings seen by researchers. Half of those listings were for personal protective equipment, with a third anti-virus or repurposed medicines.

About 10 percent of the listings revolved around supposed vaccines, tests and diagnostic equipment, including one listing for a ventilator. The researchers did not conduct test purchases to see if some of the products that conceivably could be genuine actually were.

Broadhurst tells ISMG that some drugs offered for sale may be genuine. On darknet markets, vendors are rated using eBay-like feedback systems from buyers, meaning that those who sell bogus goods are eventually shunned.

Drugs advertised include chloroquine and hydroxycloroquine, anti-malarial drugs that the U.S. Food and Drug Administration warned on April 24 have not been proven to be safe and effective for treating COVID-19.

Also for sale is azithromycin, an antibiotic; and favipiravir, an antiviral medication that has been used in Japan as a treatment for influenza. Both are under study as possible treatments for COVID-19, the study shows.

ISMG found one vendor selling 100 ml of blood plasma supposedly from a recovered COVID-19 patient. There is some hope that antibodies from recovered COVID-19 patients could hold promise for developing viable therapies.

An advertisment on a darknet forum for 100 ml of blood plasma from a recovered COVID-19 patient.

The vendor claims to have “multiple and reliable” friends who are doctors. The product, which supposedly ships worldwide from Sweden, is listed at 1,700 euros.

The listing contains details on how the plasma was sourced: “Whole blood collected by standard industry method using citrate based anticoagulant. Whole blood is pooled and then centrifuged. The resulting plasma is 0.45 micron filtered and lyophilized from the indicated volumes.”

Fraud and Crime, Pandemic-Style

The types of questionable products the Australian researchers discovered on darknet sites have been offered for sale elsewhere as well. Alex Holden, founder and CISO at Hold Security, says his firm’s analysts have seen an escalation in pandemic-related products or services that pivot off of the crisis.

One website sells what appears to be some sort of physical device that is claimed to protect against COVID-19.

Those include questionable coronavirus test kits, Holden says. “They [the sellers] show really legitimate looking components,” he says. “When people are desperate, they go for them.”

Perhaps one of the most disturbing offers seen by ISMG involved a Russian-language posting on a forum on April 2. A man claimed to have recently come back from China. For around 100,000 rubles, or $1,300, he claimed he will loiter around the public area of a competitor’s business. He then says he will self-report as coming back from China and possibly having COVID-19. Those who’ve been in the targeted business could then potentially be restricted by health authorities for 14 days of quarantine, and it’s possible the business would have to be temporarily shut down.


About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.