

Are Mobile Messaging Apps the New Dark Web?

Alon Arvatz
October 25th, 2017
Subscribe to our blog and stay up to date
Most people think of the dark web as the most dangerous section of the internet -- a mysterious place that hosts illegal and nefarious activity. Only the most tech savvy can access it, and their identities are protected by networks like TOR and i2P.
However, this may be changing. The recent closings of popular black markets AlphaBay and Hansa awoke dark web denizens to the fact that their playground isn’t as private and anonymous as they thought.
So where are cyber criminals going to take their activities now that the dark web doesn’t offer the same protections it once did? As shown in our new Mobile Threat report social media groups and messaging apps are quickly becoming a credible alternative. Why these forums? For one, they are open to nearly anyone, so activity conducted on them isn’t inherently suspicious. And more importantly, even if they are shut down, their ubiquity means that a group can easily be restarted -- again and again and again.
The report includes a full breakdown of the mobile platforms that could become the ‘new dark web.’ Based on our findings, we estimate that anywhere from tens of thousands to hundreds of thousands of users of mobile messaging apps like Telegram, Whatsapp, Skype and ICQ abuse their services and use them for trading stolen credit cards, stolen account credentials, malware and drugs, as well as exchanging hacking methods and ideas. Hackers are also making use of a messaging app called Discord, which is notorious for malware distribution.
How Do We Know This?
IntSights conducted an analysis of invite links, which consists of scraped data found on thousands of black markets, paste sites, hacking forums, IRC channels, messaging apps, and social media pages. The results show a consistent rise in the number of invite links shared on dark web platforms in the past year. By a wide margin, Discord had the most..
Traditional networks like TOR are also popping up more on mobile platforms, as evidenced by an increase in installs for ORbot, the TOR mobile application. Moreover, a new Russian black market offers a mobile application for its services, suggesting that even TOR-based black markets might be moving to mobile.
What Does it Mean?
While cybercriminals of the past had to have basic knowledge of the dark web to take part in illicit activities, all it takes to access today’s black market is the tap of a finger on a smartphone. This could easily result in a proliferation of low-level cybercrime conducted by amateur perpetrators.
Read our full report to learn how different mobile platforms are being used to conduct illegal trade and cyber-criminal activity. IntSights will continue to monitor these trends and provide further updates as needed.

Alon Arvatz
Alon Arvatz is Sr. Director of Threat Intelligence Product Management for Rapid7. He joined Rapid7 in July 2021 following its acquisition of IntSights, which he co-founded and led as Chief Product Officer. As the visionary leading IntSights’ product and service strategy — including product development, threat research and intelligence gathering operations — Alon is now a key contributor to the Rapid7 product roadmap. Prior to founding IntSights, Alon was co-founder and CEO of Cyber-School, an educational program offering several cybersecurity related courses to teenagers. Alon is also a veteran of an elite cybersecurity intelligence unit within the Israel Defense Forces (IDF), where he led and coordinated global cyber intelligence campaigns, gaining vast experience and knowledge working in one of the most innovative operational settings in the world.
Stay up to Date!
Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.