There are a couple of manner ins which criminals can get zero-day malware:
1. They can buy it on the black market.
2. They can develop it themselves.
3. They can take it from a genuine company or individual.
4. They can find it in the wild.
The most typical way that wrongdoers acquire zero-day malware is by buying it on the black market. There are a variety of black markets that sell zero-day malware, and the prices can differ depending on the need and the sophistication of the malware.
Criminals can also create zero-day malware themselves, although this is less typical. In order to do this, they would need to have an excellent understanding of computer system security and exploits.
YOURURL.com Another manner in which crooks can get zero-day malware is by taking it from a genuine company or person. This can be done by hacking into a business's network and taking the malware, or by social engineering a company or individual into providing them the malware.
Lastly, lawbreakers can discover zero-day malware in the wild. When a security researcher finds a new vulnerability and composes an exploit for it, this typically occurs. The researcher may then offer the exploit to a criminal group, or the exploit may be leaked online.