On the Motivations and Challenges of Affiliates Involved in Cybercrime
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F22%3A00364588" target="_blank" >RIV/68407700:21230/22:00364588 - isvavai.cz</a>
Result on the web
<a href="https://doi.org/10.1007/s12117-022-09474-x" target="_blank" >https://doi.org/10.1007/s12117-022-09474-x</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1007/s12117-022-09474-x" target="_blank" >10.1007/s12117-022-09474-x</a>
Alternative languages
Result language
angličtina
Original language name
On the Motivations and Challenges of Affiliates Involved in Cybercrime
Original language description
The cybercrime industry is characterised by work specialisation to the point that it has become a volume industry with various "as-a-service" offerings. One well-established "as-a-service" business model is blackmarket pay-per-install (PPI) services, which outsource the spread of malicious programmes to affiliates. Such a business model represents the archetype of specialisation in the cybercrime industry: a mass of individuals, known as affiliates, specialise in spreading malware on behalf of a service. Extant literature has focused on understanding the scope of such a service and its functioning. However, despite the large number and aggregate effect of affiliates on cybercrime, little research has been done on understanding why and how affiliates participate in such models. This study depicts the motivations and challenges of affiliates spreading Android banking Trojan applications through a blackmarket PPI service. We conducted a thematic analysis of over 6,000 of their private chat messages. The findings highlight affiliates' labour-intensive work and precarious working conditions along with their limited income, especially compared to their expectations. Affiliates' participation in cybercrime was found to be entangled between legal and blackmarket programmes, as affiliates did not care about programmes' legal status as long as they yielded money. This study contributes to the literature by providing additional evidence on the downsides of work specialisation emerging from the cybercrime industry.
Czech name
—
Czech description
—
Classification
Type
O - Miscellaneous
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
—
Continuities
I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace
Others
Publication year
2022
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů