What at first glance looks like an ordinary online store (with “buy” buttons, drop-down menus by country and operating system, and even customized packages) is actually one of the most sophisticated platforms for distributing malware on demand. From there, anyone with malicious intent can pay to infect computers or phones in Mexico, the United States, Europe and beyond, all with just a few clicks.
This model is part of an increasingly widespread trend: malware on demand. With just 100 pesos, it is possible to order the infection of a real device without the need for technical knowledge, connections with criminal networks or programming skills. All that is needed is to know where to look.
Accessibility, low cost and the possibility of targeted attacks are taking cybercrime to a new stage, where anyone can become an attacker. How does this service work, how easy is it to access, and what risks does it pose for ordinary users and companies? In this article we answer these questions.
Installs.pro operates as a digital store, with real-time support and statistics
Installs.pro is run as a kind of “marketing platform”, but for completely illegal purposes. Instead of paying for clicks or registrations as in a normal digital campaign, here you pay for each device you manage to infect with a malicious file that you upload yourself.
The process is almost automatic. The client (i.e. the hacker who hires the service) uploads his malware to the site's control panel. It can be anything: a password-stealing stealer, a banking Trojan, a cryptocurrency miner or even a ransomware that locks files and asks for ransom.
After that, choose some details like:
The country where you want to infect (e.g. Mexico or USA).
The operating system (Windows, Android, macOS, etc.)
The number of devices you want to reach (e.g. 400)
How much you are willing to pay per installation (from 5 dollars per device)
Once everything is set up, the system takes care of the rest. It launches automatic campaigns with fake ads, spam or misleading notifications so that real users download and install the file without suspecting anything.
Read more: Hacker Who Doxed Sheinbaum Leaks Data on 17 Million Mexicans
Installs.pro is not a makeshift tool or something an amateur put together in his basement. It's a well-made platform, with everything you'd expect from a professional site... only it's at the service of cybercrime.
It has a web dashboard with its own shopping menu, real-time statistics, segmentation by country or victim type, Telegram support and, of course, accepts cryptocurrency payments. Everything works smoothly and automated.
In addition, they offer “premium” packages with eye-catching names, such as Crypto Navigator (especially for stealing digital wallets), SmartScreen Bypass (for bypassing Windows security filters), or B2B Mix (aimed at infecting computers within companies).
Prices range from $5 to $50 per installation, depending on the type of victim you choose and the malware you want to use. In other words: it's an illegal business, but it works as if it were a well-run digital marketing agency.
To deliver malware to victims' devices, Installs.pro uses a combination of well-known, but well-automated methods. This is not a hacker sending one-by-one emails, but a network that leverages digital tools in the style of a professional advertising campaign. Among their tactics are:
Paid ads on Google and Bing: Yes, they use real advertising to drive you to infected sites.
Fake PUSH notifications: Those alerts telling you to download something urgent... they are usually the bait.
Manipulated SEO: Pages that appear among the first search results, designed to deceive.
Spam emails: Massive campaigns that include dangerous links.
When someone drops and runs the file, the system counts it as a valid installation, and the customer (i.e. the hacker who hired the service) pays for that infection.
Read more: Why are phishing attacks still working in 2025?
Installs.pro does not create the malware. It only distributes it. The malicious file is provided by the customer, who may be an experienced hacker or simply someone who bought the ready-to-use malware on dark web forums.
The only thing the platform requires is that the file weighs less than 30 MB and is not detected by the most popular antivirus programs. If the system detects it as a threat from the start, the campaign is automatically cancelled. In short: you don't need to be an expert, just have the file and the money to launch a large-scale infection campaign.
Although these networks operate in the dark, their level of organization makes it clear that cybercrime is no longer the domain of a few lone hackers. They now operate like real companies, with systems designed to make money from crime in a big way, all over the world.
And the worst thing is that this is not something far away: it represents a real risk for users in Mexico and all of Latin America. The system allows you to choose specific countries to launch attacks, so anyone in the region can easily become a target.