The business of malware

Malware isn’t just bad software but the focus of a growing criminal industry. Find out how it works, and how it’s making millions

If you think malware is the product of a bunch of hackers hoping to cause some disruption or make a fast buck, think again. These days, malware is a mature and growing business a serious criminal enterprise involving networks of developers and criminal organisations. Right now, there are teams working on new malware kits and exploits with the aim of selling them on to groups and organisations, so that they can use them for their own criminal or political ends. This is a global industry worth millions or even billions of dollars, and one that touches more and more of us every year.

How, then, do the authors and users of malware make their money? Well, on the one hand you have the various fraudulent or otherwise criminal ways that cybercriminals extract money, either from ordinary members of the public or from businesses and public services. On the other hand, you have a maturing underground service industry that's providing products and cyber-capabilities to other criminals, gangs and even nation states. Between them, they've created a powerful malware ecosystem; one built to exploit every opportunity in an increasingly connected, always-online world.

Making money from Malware

From ransomware to extortion to advertising rackets and straight-up theft, there's no shortage of ways that cybercriminals can put malware to use.

Advertisement - Article continues below
Advertisement - Article continues below
  • Identity theft and financial crime: While a growing amount of bank account and credit card theft involves phishing attacks or social engineering, Trojans, keyloggers and other forms of spyware still played a part in the 5.4billion lost in the UK through identity theft every year. Cybercriminals use these malware tools to recover log-in credentials and either steal money directly from your bank account or order goods and services for themselves. They may also use your identity to set-up new loans or credit agreements in your name.
  • Partner networks and shopping fraud: Here browser hijackers and other forms of adware continuously direct or redirect you to sites that sell goods or services. In some cases these are actual stores selling software, services or actual goods. In other cases, they're offering  counterfeit goods or incredible but non-existent bargains in the hope of stealing your payment card information along the way. Either those behind the stores distribute the malware, or rely on the services of a third-party distributor who gets paid for the traffic they bring in.
  • Click fraud: With click fraud the aim isn't so much to defraud affected users as to defraud online media and advertising networks. Malware is used to create a botnet' of infected PCs, mobile devices or increasingly simpler connected devices such as routers, IP cameras and Internet of Things (IoT) devices. The bots then click' on online adverts, boosting revenue for the blog or website that hosts them. New variants do the same thing for Twitch channels, with the botnets watching streams to boost a channel's cashflow or chatting in a channel's chat section.
  • Fake security: In this variant of the classic shoeshine scam, malware or an infected website informs end-users they have malware, then charges for a tool to get rid of it. As you might guess, the tool actually includes more malware, which may be used to infect other systems on the network or for identity theft.
  • Extortion: Now we're onto big-time criminal activity. In some cases, criminals may create or rent a botnet to unleash a coordinated Distributed Denial of Service (DDoS) attack on a company, threatening disruption to their business unless a fee is paid. In other cases they may use malware to infiltrate a network and steal corporate or personal data, threatening the business with exposure unless it pays up.
  • Ransomware: Arguably the biggest growth area in modern malware. Ransomware infiltrates a system and then blocks access to the system and/or encrypts vital data. To get their systems and data back again, the company or user has to pay a fee, which may be anywhere between $100 to $400 (75 to 300) for an individual user to several million for a large corporation. A 2015 study by TrustWave claimed that cybercriminals using ransomware could earn up to $90,000 (67,000) a month, while 2017 research from Google suggests that global profits from ransomware had reached $2.5million (1.86million) per month over the last two years. Hit the right target, and the payout could be even bigger. In June 2017 Nayana, the South Korean webhost, agreed to pay a $1million (750,000) ransom to unlock its computers.
Advertisement - Article continues below

Malware as a Service

The criminals that put malware to direct use are supported by a fast-growing industry of hackers and developers that provide malware services, either through Darknet forums and marketplaces or through underground websites that, with surprising polish, offer malware and associated services in the same way that a legitimate business might sell webhosting or cloud storage. Some even offer after-sales service, helpdesks and customer support.

Beyond criminals, there's even evidence that some nations or their security services pay for malware or hackers' services, either for espionage or as a means of disrupting other nations. For instance, it's widely believed that the North Korean and Russian governments have sponsored malware used to attack businesses or utilities in South Korea and the Ukraine.

These services might include:

Advertisement - Article continues below
  • Ransomware kits: Want to get started in the ransomware racket, but don't have the technical skills to build your own? You can buy an off-the-shelf kit with an easy-to-use dashboard and start your attacks straight away. Kits might cost anywhere between $175 and $6,000 (130 to 4500), but that's a small investment if you can achieve a $90,000 (67,000) monthly turnover. Alternatively, the Ransomware creator may simply want a percentage of the ransom, using affiliate schemes like those used by legitimate Web businesses. It's estimated that some schemes, like those based on the Cerber ransomware family, have netted the original developers an average of $1million (750,000) p.a.
  • Malware Kits and Exploitkits: Malware developers make a lot of money developing toolkits for criminal use. Malware Kits come with the files and instructions needed to package malware in documents or emails. Exploit Kits are designed to sit on a compromised site or a webserver, then scan any systems that connect to that server for any vulnerabilities that can be used to infect that system with malware. Some kits are available for purchase, while others may be rented, with upgrades and support thrown in, for hundreds of dollars per month.
Advertisement - Article continues below
  • Botnet herding: Here, malware is used to create, manage and control multiple botnets, which the malware service provider can then sell or lease to interested parties. Many will be used for targeted DDoS attacks, brute-force hacking attempts, spam distribution or click fraud and Twitch fraud. Renting out a botnet could bring in anywhere between $200 (150) and $2000 (1500) a month, depending on the number and capabilities of the bots. At one point Georg Avanesov, mastermind of the Bredolab botnet, was earning over 100,000 Euros (at the time 80,000) a month.

Malware is a big business with opportunities for massive profits, so it's no wonder that the developers, hackers and criminals involved put so much effort into targeting businesses and individuals and the applications that they use. It's also why it's so important that organisations protect themselves with the right network and endpoint security strategy; one that protects their systems against infection and enables them to recover quickly from attacks. After all, when malware is a growing industry, you don't want your business to fuel its growth.

Find out how to keep your business safe from hackers like The Wolf...

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now



Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019

HP Spectre x360 13-aw0053na (2020) review: A diamond in the rough

18 Feb 2020
mergers and acquisitions

Xerox turns to public stocks in merger war with HP

12 Feb 2020
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020

Most Popular


How to use Chromecast without Wi-Fi

5 Feb 2020
artificial intelligence (AI)

AI identifies 11 earth-bound asteroids

18 Feb 2020
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Business operations

HP shareholders invited to come dine with Xerox

17 Feb 2020