The underground Russian cybercrime market is evolving. Malware prices have fallen, while the sophistication level of products and services continues to rise – they now include translation and anti-spam proofing features.
That's according to the Dallas-based Trend Micro report "Russian Underground 2.0," which tracked and analyzed 78 forums, each with as many as 20,000 members.
The Russian underground is a place where cybercriminals can shop for all kinds of products and services that aid them in crafting and implementing malicious schemes.
"They no longer need to bother about developing code themselves," Max Goncharov, research author for Trend Micro, said.
Meanwhile, the prices of cybercrime products and services available on underground Russian forums continue to fall. For example, generic spamming services dropped from $13 in 2011 to $1-3 in 2014. But such marketplaces are thriving more than ever, in part because they help attackers quickly and affordably organize their efforts.
The segmented Russian marketplace contains different groups that aid criminals, focusing on varying areas of expertise. The forums, according to Trend Micro, contain 38 types of cybercrime goods and services. These include mobile fraud, DDoS attacks, social engineering and command-and-control services, plus spam, Trojan malware, rootkits and ransomware.
Other new and optimized services include automated shell script uploading and selling services, professional translation to ensure targeted attacks are successful and anti-spam proofing to bypass filters.
When it comes to cards, the report observed automation in the process of checking cards, seeing balances or checking validity, and revealed that card fraud is a one-click process.
Criminals also sell money laundering schemes for as much as $50,000, which often include the option to hide money in various ways, such as by purchasing flight tickets, booking hotels or renting expensive villas.
Trend Micro detected parties that offer to receive proof-of-identity calls made by banks in a specific language; drop-as-a-service offerings, which speed up the process of cashing stolen credit cards; and offers to sell log files from compromised computers in one-gigabyte-plus increments.
The report also revealed that within a botnet, users who have full access to large servers can also gain access to log files and extract information such as passwords. They can buy and sell log files, and even parse them if they are able to.
"We've seen a trend where cybercriminals agree to process big data in order to extract interesting information," Goncharov wrote.
Most cybercriminals are after money, and especially in poorer regions of the world, cybercrime is a lucrative business, Ondrej Krehel, founder/principal of cybersecurity intelligence firm LIFARS, explained.
"The laws are loose, and most of the time they do not have to worry about getting prosecuted, which further motivates them," Krehel said.
Plus, there is no extradition law in Russia, making the country a safe haven for cybercriminals.
"Besides money, cybercriminals are often after personal information that can be sold or abused for fraudulent purposes," Krehel said. "This includes credit card numbers, addresses and social security numbers."