Cybercrooks charging more than the price of a new car for undetectable Mac malware Cybercriminals are attempting to flog a supposedly undetectable Mac malware strain on the dark web for 40BTC ($50,000) a pop. The Proton malware boasts capabilities including taking full control of macOS devices by evading antivirus detection, its sellers claim. Hackers offered to add an Apple-approved developer signature to …
> But I brought 40 Bitcoins last year for only $250 a coin. It's a bargain for those who thought ahead!!!!
Indeed, I at one point had 500 of the damn things, but sold almost all of them when they were £15 each. If I had only known....
Saying that, the 40 bitcoins they are asking depends on whether who is buying can make a profit. If someone thinks they can make more than 40 BTC of profit utilising the software, they will go for it and write off the cost against revenue (not unlike any other business). Any haggling to lower the price is just a benefit (and I am sure they would try).
Also, limiting access to the software means that very few whitehats will have a chance to reverse engineer and work on defeating it.
In some ways, it might actually be a scam. Claim to have amazing uber undetectable malware. Advertise it for $stupidly_high_price, perhaps claim you have sold a few licences already, and see if you can get the white hats to stomp up the dosh to buy a copy just to see what the threat is (especially if they haven't detected it in the wild, so might actually be "undetectable"). After purchase they find out it is useless (the malware equivalent of "Hello world" perhaps), and the seller is 40BTC richer for little effort.
Sure once the white hats publish their critique of the malware and say it is no threat and/or develop defences against it, no more sales will come, but still, it earned something initially. It isn't like you can ask for a refund if the software isn't fit for purpose, and I doubt it has a warranty attached to it.
I think we're perhaps being a little harsh here.
Clearly at these kinds of prices (perhaps the BAe of hackers) the sale is intended as a public service.
Sorry, to a public service.
Sorry, to a "service" paid for by the public.
Look, you're not allowed to know. It's only your money, now go away, there's a good chap.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
