Metaparasites: The cybercriminals who rip each other off

Shocking news! It turns out that you cannot trust criminals.

Graham Cluley
Graham Cluley
@[email protected]

Metaparasites: The cybercriminals who rip each other off

Shocking news! It turns out that you cannot trust criminals.

That’s obvious, of course, but maybe criminals themselves are also guilty of being a little too trusting of others – and getting scammed as a result.

Researchers at Sophos presented an investigation at Black Hat Europe this week into so-called “metaparasites” – the scammers who scam other scammers.

Sophos’s Matt Wixey and Angela Gunn described their research as:

“…a novel investigation into scammers who scam scammers and hackers who hack hackers, on three of the most well-established and prominent criminal marketplaces. We examine the size of this shadowy multi-million-dollar ecosystem; the motivations of metaparasites; how arbitration processes work; and what influence metaparasites have on the culture and operations of the marketplaces in which they operate.”

And there’s a lot of money to be made by targeting cybercriminals.

According to Sopbos, cybercriminals have lost over US $2.5 million to other scammers in the last 12 months, in just three underground forums.

Sign up to our free newsletter.
Security news, advice, and tips.

Scams can take multiple forms, including fake data leaks, blackmail, backdoored malware, and phishing.

The researchers even found 20 websites that had been created to imitate criminal marketplaces, “intended to trick users into forking over a $100 ‘activation fee.’”

Oh dear, what a shame, never mind.


And, perhaps unsurprisingly, there’s even evidence that some scammers who have been scammed go on to get their revenge by scamming the very people who scammed them (I hope you’re following this at the back…)

The problem of cybercriminals conning other cybercriminals has become so significant that underground forums even have dedicated “arbitration rooms,” where disagreements can be aired with the hope of resolution.


So, all of this is very amusing. And we like the idea that cybercriminals are conning each other rather than spending all their time targeting the innocent public – but is there anything else good that comes from this?

According to the researchers, yes there is:

“Metaparasites, inadvertently, provide an intelligence boon to analysts, allowing us to gain unprecedented insights into sales, operations, negotiations, and identifiers which would otherwise remain hidden – as well as into marketplace culture, differing levels of operational security, and susceptibilities to deception and social engineering.”

But we shouldn’t laugh too heartily, the researchers warn: “It’s not just threat actors at risk – also inexperienced researchers, journalists, the generally curious.”

Just so long as those exploring and researching the cybercriminal culture do not get duped themselves, I guess get a little comfort from the thought that cybercriminals are busy scamming each other rather than us.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.