Dark Web Drug Dealers Moving to Android Apps

The Dark Web is the stomping ground not only of hackers and ransomware operators but also of several other criminal activities, including drug dealing. It was estimated by the United Nations that the Dark Web drug market is now over 315 million USD annually, and in 2022 it was estimated that annual sales on this illicit drug market came in at over 470 million USD. To say that using the Dark Web to sell drugs is profitable might be an understatement.

Now, following the crackdown by German authorities in 2022 on the then largest Dark Web drug marketplace, Hydra, other marketplaces have looked to secure their operations against similar legal action being taken against them.

In April 2022, German police seized servers and Bitcoin that belonged to Hydra. The police managed to seize 543 Bitcoin, which at the time was worth approximately 25 million USD.

Researchers were able to estimate how big the Dark Web drug marketplace had become following the seizure of servers and cryptocurrency, and it's rather staggering. It was determined that there were 19,000 registered seller accounts that served at least 17 million customers around the world. It is little wonder several other marketplaces have risen in an attempt to grab that customer base.

According to a report by Resecurity, marketplaces are looking to move operations to specially crafted Android apps in an attempt to conduct transactions away from the eyes of law enforcement.

In the wake of the crackdown on Hydra, Resecurity has found 10 other marketplaces that are looking to fill the void left by Hydra and dominate the Dark Web drug dealing space. Researchers further stated,

“Over the summer 2022, most of these new markets were primarily fighting for brand recognition, much like a ‘cyber-90s’ type of environment. Notably, a dominating number of actors moved from Hydra to other marketplaces, and started leveraging alternative digital channels – customized mobile apps and Instant Messengers (IM) including Telegram.

Multiple groups registered on Telegram facilitating sales of illegal drugs were identified. At the beginning of 2023 their number has been significantly increased, which may confirm the interest of threat actors to migrate to mobile communications and more actively leverage IMs.”

A Drive for Better Operational Security

Returning to the use of Android apps, several of the marketplaces looking to fill the void left by Hydra have developed custom apps in an attempt to better serve those looking for drugs or the precursor materials used to manufacture them.

This is also believed to be an attempt to apply better security protocols to operations and so avoid the legal ramifications of breaking several laws. Researchers stated,

“Around the beginning of Q3 2022, multiple drug shops were identified in the Dark Web providing customers with a customized Android-based mobile app for purchases and secure communications, as well as sending instructions to couriers. The significance of this new trend is increasing OPSEC measures (of threat actors) and a visible shift from traditional communications channels to proprietary (developed by other actors operating in Dark Web). In such a case, bad actors control communications infrastructure, may easily destroy/wipe it, as well as get rid of mobile devices.

Resecurity identified at least 7 underground drug shops providing Android-based mobile apps based on the same engine known as M-Club (CMS) in Dark Web, which may confirm the involvement of the same developer. This CMS has been developed specifically for drug traffickers and is currently marketed on major underground communities.”

The report certainly makes for interesting reading, and Resecurity provides a summary of operations for the above-mentioned marketplaces. Looking at these marketplaces individually is beyond the scope of this article, but the researchers drew some worrying conclusions from their research.

One such conclusion is the fear that so many new players competing for dominance in the market might lead to a deterioration in the quality of the narcotics or precursors. If this is the case, and other dangerous chemicals are added to the mix, there is the possibility of fatalities.

The other important conclusion to consider is that, with the move to proprietary mobile apps, law enforcement will need to develop new methods that enable efficient monitoring of the dynamically changing threat landscape and adjust their tactics accordingly.

Law enforcement across the globe has been looking to crack down on this illicit trade. In March 2022, the US Justice Department saw a leader of a Dark Web drug ring sentenced to eight years in jail. The district attorney summarised the problem by stating,

“The Dark Web is a rising threat to our communities and must be taken very seriously. Anonymous networks open the door for people, including our children, to order deadly amounts of illegal narcotics from anywhere in the world and have them delivered to their doorsteps. Le took advantage of this – at only 22-years-old, he used the Dark Web to organize a complex drug distribution operation that reached a nationwide customer base and an international network of suppliers,” said United States Attorney Rachael S. Rollins. “This sentence sends a clear message to Dark Web criminals: the federal government is entering this space. We will find you and you will be held accountable. Thanks to the incredible work of our law enforcement colleagues, there is one less cybercriminal hiding in the shadows.”

About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications.
