Report: Malware, stolen IDs top items for sale on dark web

Stolen identities and easily deployable malware are among the items most commonly found for sale on the dark web, according to an as-yet unpublished new report by Virginia-based cybersecurity startup SurfWatch Labs.

According to the report, obtained by FedScoop Monday, the five most common items for sale, are, in no particular order: stolen generic credentials, stolen identities complete with passport and/or financial information, intellectual property sometimes in the form of original source code, supply chain threats and hacking tools.

Supply chain threats, in this context, relate to risks faced by third-party partners and vendors. If, for example, a web hosting provider is compromised, then its customers may also be exposed to attack — even though the stolen data belonged to someone else.


Screenshot from Nucleas marketplace


The dark web is an area of the internet that can only be reached using the anonymous Tor browser, which bounces encrypted traffic around between volunteer nodes on its network, making its origin virtually untraceable. Dark web addresses generally end in .onion, and are famous for hosting criminal marketplaces like the notorious Silk Road, shut down in 2014.

[Read more: Memex: Law enforcement’s search engine for the dark Web]

To determine the most popular items for sale, SurfWatch Labs monitored activity on five of the most prominent dark web marketplaces: AlphaBay, Dream Market, HANSA Market, Valhalla and TheRealDeal Market.

In an interview with FedScoop, SurfWatch Labs chief security strategist Adam Meyer said that the report findings were in line with his team’s expectations based on “how malicious actors are operating currently.

“All of these items have become commodities that are easily monetized and it is important to remember that cybercrime is a business, typically one with a high return on little effort … When you peel back the onion layers on the data, you will find that users being loose with their credentials, poor password hygiene in regards to strength and password reuse, operations folks being loose on vulnerability management in their high exposure areas contribute significantly to threat actors being successful,” said Meyer.


Among other interesting hacking tool “products” for sale on the Dark Web, SurfWatch Labs discovered a new way to hack into Apple’s iCloud. The price for this iCloud exploit totals $17,000.


Nucleas marketplace screenshot

“The cybercrime-as- a-service model has segmented the market so that actors can specialize in their own field, whether that is running a botnet, creating exploit kits or stealing credentials. All types of cybercrime tools and services are available — for a price,” the report reads.

Meyer said that stolen credentials are the most popular item purchased and sold on the Dark Web for two reasons. He explained that “a credential opens up the door to many areas.”

“Depending on the asset you are able to gain entry to with a stolen credential, you can steal more data, commit fraud, enable social engineering efforts and use data to authenticate across to other areas. Couple that with poor user password hygiene and we are making it really easy for an actor to accomplish their goal,” said Meyer.


Publication of the SurfWatch Labs Report — titled “Top 5 Items for Sale on the Dark Web, and What Businesses Can Learn From Them” — comes just two months after Nucleus was shut down.

At one point in time, Nucleus was the second largest dark web marketplace in existence, according to SurfWatch Labs; hosting tens of thousands of listings for a variety of illicit goods and services.

To contact the reporter on this story you can send him an email via or follow him on Twitter at @Bing_Chris. Subscribe to the Daily Scoop to get all the federal IT news you need in your inbox every morning at

Chris Bing

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Marys College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.

Latest Podcasts