underground-exploit-market
Hackers have sold secrets of zero-day exploits in the underground Dark Web marketplace such as the Silk Road and its various successors for years, and now a new deep web marketplace has appeared that offers anonymity protection to its sellers.

A new Dark Web market, called "TheRealDeal," has opened up for hackers, which focuses on selling Zero-Day exploits — infiltration codes that took advantage of software vulnerabilities for which the manufacturers have released no official software patch.

Yes, THE REAL DEE……..EAL

TheRealDeal Market, actually emerged over the last month, makes use of Tor anonymity software and the digital currency Bitcoin in an attempt to hide the identities of its buyers, sellers, and of course its own administrators.
Cybersecurity

TOR, a.k.a The Onion Router, is one of the most well-known Darknets, where it is harder to trace the identity of a user, as it doesn't share your identifying information such as your IP address and physical location with websites or service providers.

Unlike other Dark Web market sells stolen credit card details and low-level hacking tools…

...TheRealDeal focuses on premium data such as highly popular zero-day exploits, source codes, and hacking tools.
"Welcome…We originally opened this market in order to be a 'code market' — where rare information and code can be obtained," a message from the website's anonymous administrator reads. "Completely avoid the scam/scum and enjoy the real code, real information and real products."
Although TheRealDeal is still in its early stage, there are already a few number of services listed on the website, including a new method of hacking Apple iCloud accounts, as well as hacks against WordPress, Android, and Windows.

The Real Deal offers a real deal to its users:

The iCloud hack, which costs $17,000 in Bitcoin, claims to offer access to users' iCloud accounts. However, according to Wired, a working iOS exploit could sell for as much as $250,000 in year 2012. Also, The New York Times reported in 2013 that one had sold an iOS exploit to a government for $500,000.
"Any account can be accessed with a malicious request from a proxy account," the description of the iCloud hack on TheReaDeal website reads. "Please arrange a demonstration using my service listing to hack an account of your choice."
Moreover, other listed exploits on the dark web market include a method to hack WordPress CMS, an attack against Android's Webview stock browser, and an IE attack that works on Windows 7, Windows Vista and Windows XP, available for around $8,000 in bitcoin.

There is also an exploit that leaves over 70 Million Sites Vulnerable to Attacks:

Another exploit listed on the website claims to target the recent MS15-034 Microsoft IIS Remote Code Execution vulnerability that affected Windows 7, 8, and 8.1, Windows Server 2008 R2, 2012, and 2012 R2, leaving more than 70 Million websites vulnerable to cyber attacks.

However, Microsoft has patched the flaw this week by disabling IIS kernel caching. So, update your systems as soon as possible in order to patch this flaw.

Not just Exploits, but also:

Besides exploits, TheRealDeal market also sells countermeasures against potential financial fraud, Remote Access Trojans (RATs), drugs and weapons, which you would have seen on every typical dark web market.

For security purpose…

...TheRealDeal works on a multi-signature model that involves the buyer, the seller and the administrators. This simply means that the bitcoins are held at an address jointly controlled by the trio and the transactions need to be approved by two out of the three parties before funds are transferred.

At this time, nobody can guarantee that the TheRealDeal is not a scam and that it will not disappear or shut down like Sheep Marketplace and more recently Evolution, absconding with Millions of dollars from the users of the dark web market.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.