Coronavirus scams on the darknet: Pt 1

Viruses on the darknet are nothing new. You can easily find vendors selling Bots, Password Crackers, Rootkits, Adware, Backdoor Access, Keyloggers, or any other form of Malware, Toolkits and Viruses (MTV) across a wide swath of forums and marketplaces. So, when you see the darknet exploding with discussions of a virus, one might not jump immediately to “infectious disease.”

However, the darknet is not all too far removed from mainstream society to ignore the pandemic we find ourselves facing. We’ve recently observed the emergence of coronavirus-related products, discussions, scams, and general hysteria across Tor, IRC, I2P, Telegram, and the like. Here are some examples of COVID-19 related ongoings amidst the recent outbreak.

“I sell my infected blood and saliva”

Thus far, we have come across at least one individual advertising the sale of live COVID-19. For $1,000, this enthusiastic vendor will allegedly ship you a biohazardous weapon in the form of their COVID-19 infected bodily fluids. Yikes. The only good news about this situation is that it is most certainly a scam.

Listing on Tor selling fluids infected with COVID-19 that appeared late February 2020

Listing on Tor selling fluids infected with COVID-19 that appeared late February 2020

Coronavirus vaccinations

Certain marketplaces and vendors are also claiming to have access to a vaccination for COVID-19. In the example below, a listing dated as having been posted last Saturday shows a vendor on Piazza (a darknet marketplace) offering to sell coronavirus vaccines AND antidotes to “serious buyers.”

Screenshot from DarkOwl Vision of a vendor on Tor selling “coronavirus antidotes and vaccines”

Screenshot from DarkOwl Vision of a vendor on Tor selling “coronavirus antidotes and vaccines”

Masks and hand-sanitizer

As eBay and Amazon conduct great efforts to scale-back sales of health and wellness products due to price gouging and fears of counterfeiting, the darknet is seeing a rise in listings for products in this category – including CDC-approved face masks.

Listing on Tor for Aura 3M and Farstar N95 surgical masks

Listing on Tor for Aura 3M and Farstar N95 surgical masks

DarkOwl Vision screenshot of a listing on Tor for medical-grade masks that includes a positive review from satisfied customers.

DarkOwl Vision screenshot of a listing on Tor for medical-grade masks that includes a positive review from satisfied customers.

Pricing for these masks has ranged considerably from what we’ve seen. The vendor in the screenshot below is selling a single mask for $342.00 (which was actually listed as at half-off its original price of $684.00 due to a promotion), while the vendor in the image above is selling 10 – 12 packs for around 30$.

DarkOwl Vision screenshot of a checkout cart showing a “VENUS N95 POLLUTION MASK” selling for over three hundred dollars.

DarkOwl Vision screenshot of a checkout cart showing a “VENUS N95 POLLUTION MASK” selling for over three hundred dollars.

There are also several listings for “stolen” masks. (It’s worth noting that this vendor also claims to have “african crafts and talismans with powers” for sale, and claims to be able to “blackmail anyone to do anything” for a price…so, probably not the most legit listing.)

DarkOwl Vision screenshot of a listing on Tor for 800 “stolen” “corona virus masks”

DarkOwl Vision screenshot of a listing on Tor for 800 “stolen” “corona virus masks”

Hand sanitizer has not appeared in the same measure, but given the amount of homemade recipes circulating the surface net, we imagine it is only a matter of time. We have found at least one listing for hand sanitizer, posted on Tor today (3/12/20).

CV_sanitizer.png

Coronavirus themed forums, discussions and channels

Overall, it would appear that the darknet is reacting fairly similarly to the rest of the internet. There is a palpable amount of fear, uncertainty, panic….and those willing to capitalize on it.

Take this individual, for example, who is using the opportunity to tout his marijuana pills as a preventative step towards contracting the virus (pictured below).

Screenshot of a vendor on Tor attempting to leverage COVID-19 as a means of selling their own product

Screenshot of a vendor on Tor attempting to leverage COVID-19 as a means of selling their own product

With the extent of questions, ideas and conspiracy theories to be discussed, it is not surprise that various COVID-19 specific darknet forums have emerged as hubs for the community, including a dedicated subdread.

Coronavirus subdread (of Dread forum on Tor)

Coronavirus subdread (of Dread forum on Tor)

CV-telegram.png

There are now also several Chinese coronavirus Telegram channels. While some seem to be just for general discussion, others appear to be tailored towards those under quarantine.

Considering that the Chinese government has reportedly been censoring terms related to COVID-19 on a WeChat, a popular chat app, it makes sense that Telegram has filled the gap to become a resource for open discussion about the COVID-19 pandemic.

Essentially, when it comes down it, what we’re seeing the most of, are people simply being human and wanting to talk about what’s going on.

What we’re watching for

As this global crisis continues to unfold, we’ll be keeping an eye on the darknet to see how the various severe social and economic measures being taken around the world to mitigate the spread of this virus, and to produce medical resources including testing kits and a vaccine, affect the darknet markets.

Will buyers continue to purchase items from marketplaces, without being sure of their country of origin? Will a potential scarcity in medical devices due to limited resources slow the production of the home-cooked drugs that most of these marketplaces are known for? We’re likely soon to find out, so be sure to check back for updates.

See why DarkOwl is the Leader in Darknet Data

Copyright © 2022 DarkOwl, LLC All rights reserved.
Privacy Policy
DarkOwl is a Denver-based company that provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data. We shorten the timeframe to detection of compromised data on the darknet, empowering organizations to swiftly detect security gaps and mitigate damage prior to misuse of their data.