There's a niche field of malware economics, but it makes sense that for-profit malware is ultimately a business, albeit an usually illegal one, which has to optimize just like any other app:
At some point, it would make sense anonymized malware (i2p, tor only) may go open source similar to commercial open source but instead because of scene cred / blackmarket consulting.
This is roughly what happened with several "exploit droppers" a few years ago. It wasn't pretty GitHub sites or open source blogs, but rather "leaked" versions of the software suites, missing nearly all of the actual exploits. Usually there'd be a couple of very old, widely patched exploits in there so you could see how it worked. People would download the stripped out version, play with it, then buy the actual exploit payloads/plugins.
Pretty interesting process to watch from the sidelines!
Pretty interesting process to watch from the sidelines!