A more flexible development approach is allowing malware developers to offer criminals customised attack packages.
Researchers with security firm Trusteer said that over the last several months, malware writers have begun to adopt an 'a la carte' pricing system in which custom features and behaviours can be bundled into malware attacks.
According to researchers, the pricing options can add or remove hundreds of dollars to the cost of a piece of malware and can allow criminals to create specialised payloads which are highly focused and targeted in nature.
"Criminals are no longer bound by rigid malware configurations designed to conduct specific exploits at specific institutions," Trusteer researchers wrote.
"Criminals can now specify the precise exploit and target institution that they believe will maximise their ability to successfully commit fraud."
According to the researchers, malware writers are offering specialised versions of common infections such as Zeus which harvest user account data. When purchasing the infection, customers are able to request special features such as the ability to harvest one-use passwords to scan for account balance data.
The result, say researchers, is a new class or customised and more affordable malware infections on the market and in the wild.
"This latest development in 'webinject' marketing illustrates how the underground marketplace is following traditional software industry pricing schemes by offering a la carte and complete “suite” pricing options," the researchers said.
"Unfortunately, buying high quality 'webinjects' is getting easier and more affordable, which opens the door for more criminals to get into the business of online banking fraud."
Facebook told by Brussels-based court to stop tracking non-users and to delete all data held on them
Supply chain and manufacturing experience could give Dyson an important edge
New VR Zone Portal arcades open in London and Tunbridge Wells
Systems-on-a-chip with integrated AI features could make voice and facial recognition