There are a couple of methods that wrongdoers can acquire zero-day malware:
1. They can buy it on the black market.
2. They can create it themselves.
3. They can take it from a legitimate company or person.
4. They can find it in the wild.
The most typical manner in which bad guys get zero-day malware is by buying it on the black market. There are a variety of black markets that sell zero-day malware, and the rates can vary depending upon the need and the sophistication of the malware.
Criminals can also develop zero-day malware themselves, although this is less common. In order to do this, they would need to have a mutual understanding of computer security and exploits.
Another manner in which criminals can get zero-day malware is by taking it from a genuine business or individual. This can be done by hacking into a business's network and stealing the malware, or by social engineering a business or individual into offering them the malware.
Finally, lawbreakers can find zero-day malware in the wild. When a security scientist discovers a new vulnerability and writes a make use of for it, this typically occurs. i was reading this The researcher may then sell the exploit to a criminal group, or the exploit may be leaked online.