There are a few methods that bad guys can acquire zero-day malware:
1. They can buy it on the black market.
2. They can produce it themselves.
3. They can take it from a legitimate company or individual.
4. They can discover it in the wild.
The most typical manner in which lawbreakers acquire zero-day malware is by buying it on the black market. There are a variety of black markets that sell zero-day malware, and the rates can vary depending upon the need and the elegance of the malware.
Lawbreakers can also produce zero-day malware themselves, although this is less common. In order to do this, they would need to have a mutual understanding of computer security and exploits.
Another way that wrongdoers can acquire zero-day malware is by stealing it from a legitimate business or individual. This can be done by hacking into a business's network and stealing the malware, or by social engineering a company or individual into providing the malware.
Lastly, bad guys can find zero-day malware in the wild. blog here When a security researcher finds a new vulnerability and composes an exploit for it, this usually takes place. The researcher may then offer the make use of to a criminal group, or the exploit may be leaked online.