A new dark web market has appeared, focused on the selling of 0-day exploit code. The market is called “TheRealDeal Market,” and although still in its infancy, there are already a few exploits listed.One exploit claims to target the recent MS15-034 Microsoft IIS Remote Code Execution vulnerability and comes with reverse shell and research information associated with it.
TheRealDeal uses the anonymity software Tor and the digital currency bitcoin to hide the identities of its buyers, sellers, and administrators.
.jpg)
But while some other sites have sold only basic, low-level hacking tools and stolen financial details, TheRealDeal’s creators say they’re looking to broker premium hacker data like highly sought-after zero-days, source code, and hacking services. In some cases, these are offered on an exclusive, one-time sale basis.
TheRealDeal focuses on premium data such as highly popular zero-day exploits, source codes, and hacking tools.
"Welcome…We originally opened this market in order to be a 'code market' where rare information and code can be obtained," a message from the website's anonymous administrator reads. "Completely avoid the scam/scum and enjoy the real code, real information and real products."
Although TheRealDeal is still in its early stage, there are already a few number of services listed on the website, including a new method of hacking Apple iCloud accounts, as well as hacks against WordPress, Android, and Windows.
TheRealDeal does offer countermeasures against potential fraud. Like the Silk Road and its ilk, it asks that all bitcoin transactions through the site be kept in escrow, so the payment can be returned to the buyer if the seller doesn’t deliver.
TheRealDeal goes further than many past markets in attempting to assuage its users’ fears that the market itself might attempt to steal their bitcoins.
It can’t pull the sort of “exit scam” other markets like Sheep Marketplace and more recently Evolution have, abruptly shutting down and absconding with millions of dollars worth of users’ coins.
TheRealDeal has no such restrictions. Its rules ban only child pornography and, strangely, services that offer “doxing,” the posting of specific users’ private information. But victims, if its anonymous form of zero-day sales catches on, will be just another part of the business model.
