Cybercrime groups are increasingly running their operations as a business, promoting jobs on the dark web that offer developers and hackers competitive monthly salaries, paid time off, and paid sick leaves.
In a , which analyzed 200,000 job ads posted on 155 dark websites between March 2020 and June 2022, hacking groups and APT groups seek to hire mainly software developers (61% of all ads), offering very competitive packages to entice them.
The highest-paying job seen by Kaspersky’s analysts included a monthly salary of $20,000, while ads for capable attack specialists topped at $15,000/per month.
Hacking groups also seek to fill other roles, including data analysts, malware and tool developers, initial compromise actors, reverse engineers, website and phishing email designers, malware testers, and IT administrators.
The median pay for IT pros ranged between $1,300 and $4,000 per month, with designers receiving the lower amounts and reverse engineers being positioned at the higher end of the median pay spectrum.
In one-third of the job postings, the recruiters offered candidates full-time employment, and an equal percentage allowed a flexible schedule.
In some cases (8%), the remote workers would be offered paid vacation and sick leave, which shows that some dark web employers care about making their proposals as attractive as possible.
These “employment” packages are quite competitive compared to similar positions in legal job markets and could attract unemployed professionals or young IT graduates who are having trouble finding a job.
“It is worth noting that the risks associated with working for a dark web employer still outweigh the benefits,” warns Kaspersky.
“The absence of a legally executed employment contract relieves employers of any responsibility. A worker could be left unpaid, framed or involved in a fraudulent scheme.”
The highest volume of ads was posted during Q1 2020, which coincides with the massive changes brought upon the workforce by the COVID-19 pandemic. A second spike was recorded between Q4 2021 and Q1 2022.
A not-so-typical hiring process
As part of the hiring process, cybercriminal recruiters conduct test assignments created to determine an applicant’s level of competency in the claimed field.
In some cases, the recruiters also look into the provided CV or portfolio, and in one out of four postings, there’s an interview session conducted with the job seeker.
In characteristic examples spotted by Kaspersky, one job posting promised to pay candidates roughly $300 in BTC for a test assignment.
Another job offer laid out a multi-step screening process where the candidate would be asked to encrypt a test DLL in 24 hours, making it fully undetectable by AVs (max of 3 minor AV runtime detects).
As cybercrime enterprises adopt business-like operations, we will continue to see the dark web as a recruiting tool for threat actors looking for a stable income.
Some software developers may see these opportunities as a lifeline during difficult times of political unrest, poor economies, or a lack of job opportunities in their region.
However, it is vital to understand the potential risks of working for a dark web employer, ranging from being scammed to getting framed, arrested, prosecuted, and imprisoned.