Bot markets:
How hackers sell your online identity
Digital bots are becoming increasingly common. They operate in fields such as customer service, search engine optimization, and entertainment. Yet not all bots serve good intentions – many of them are malicious. Hackers sell malware bot logs on various bot markets, creating threats you couldn’t have imagined. What are bot markets, and how do they work?
The anatomy of a bot
Once malicious software has been installed on the victim’s computer, it creates stealer logs: documents in which it collects all the stolen data. Like a well-trained dog, the virus sniffs through the computer and detects valuable information about the victim and their hardware. Taken together, the stolen data makes up a person’s digital identity.
Cookies
Cookies are small pieces of data that web servers send to your browser. They help each website remember your information and personalize your browsing experience. For example, if you allow a website to detect your location, it will recall this preference the next time you visit the site.
By stealing your cookies, the malware could gain access to the different platforms you use. Although cookies don’t contain your passwords directly, they may contain authentication or session tokens that represent your logged-in sessions. Simply put, the hacker could import stolen cookies into their own browser and log in to your accounts, bypassing two-factor authentication.
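On the website's side, a replayed cookie can be spotted because the same session suddenly arrives from a client unlike the one that logged in. The sketch below is an added example, not part of the original research; the log format, session IDs, and severity labels are assumptions, and the records are constructed.

```python
import ipaddress

# Constructed sample records: (timestamp, session_id, client_ip, user_agent).
# IPs come from the RFC 5737 documentation ranges; none of this is real data.
EVENTS = [
    ("2024-01-01T10:00:00", "sess-A", "192.0.2.10", "Chrome/105 Windows"),
    ("2024-01-01T10:05:00", "sess-A", "192.0.2.44", "Chrome/105 Windows"),
    ("2024-01-01T10:07:00", "sess-B", "198.51.100.5", "Safari/16 macOS"),
    ("2024-01-01T10:20:00", "sess-C", "192.0.2.90", "Firefox/104 Linux"),
    ("2024-01-01T11:30:00", "sess-A", "203.0.113.77", "Firefox/104 Linux"),
    ("2024-01-01T11:40:00", "sess-B", "198.51.100.200", "Safari/16 macOS"),
    ("2024-01-01T12:00:00", "sess-C", "198.51.100.9", "Firefox/104 Linux"),
]

def network_of(ip):
    """Coarse network bucket, so address churn inside one subnet is ignored."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def find_replayed_sessions(events):
    """Return {session_id: {"changed": [...], "severity": ...}} for sessions
    whose cookie is later presented by a client unlike the one that logged in."""
    baseline, findings = {}, {}
    for _ts, sid, ip, ua in sorted(events):  # ISO timestamps sort chronologically
        seen = {"network": network_of(ip), "user_agent": ua}
        if sid not in baseline:
            baseline[sid] = seen  # first request with this cookie = login client
            continue
        changed = sorted(k for k in seen if seen[k] != baseline[sid][k])
        # Keep the worst single request seen for each session.
        if len(changed) > len(findings.get(sid, {}).get("changed", [])):
            findings[sid] = {
                "changed": changed,
                # Network and browser both changing is the stolen-cookie pattern;
                # a network change alone may just be a user switching to mobile data.
                "severity": "high" if len(changed) == 2 else "review",
            }
    return findings

if __name__ == "__main__":
    for sid, finding in find_replayed_sessions(EVENTS).items():
        print(sid, finding)
```

A site that sees a "high" finding would typically invalidate the session and ask the user to sign in again, which makes the stolen cookie worthless.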
Methodology of the research
The data about bot markets was compiled in partnership with independent third-party researchers specializing in cybersecurity incident research. No information that relates to an identified or identifiable individual was collected, reviewed, or otherwise involved when performing the research and preparing the study. Moreover, the researchers did not access the dark web. Data was received on September 29, 2022.
2easy
The 2easy marketplace was launched in 2018. At first, it was considered small compared to other markets. Yet the situation has changed dramatically since then. Now, 2easy sells more than 600,000 stolen data logs from 195 countries.
The average bot log price in 2easy varies from $0.2 to $20.
The countries most affected by this market are India, Brazil, and the US.
According to SimilarWeb, around 30,000 users visited the market’s website during the last 3 months. Most of them come from Russia, Luxembourg, and the USA.
This market operates on the surface web.
The business of selling bot logs
The most popular types of malware that steal and gather data include RedLine, Vidar, Raccoon, Taurus, and AZORult. RedLine is the most prevalent of them all. For example, in the Russian market, it accounts for more than 60% of the whole marketplace. According to TechRadar, RedLine has recently been used to hack the 2K Games helpdesk platform. The attackers opened fake support tickets and then shared RedLine malware in the reply section.
Malware divides the information extracted from each victim into separate folders. Then the owner of the virus places these packets of scraped data (bot logs) in the marketplace and puts a price on them. The price differs depending on the information that the stolen log includes. For instance, if the malware managed to grab the victim’s credit card credentials, such a bot log may have a higher price than one that includes less important credentials.
All researched markets manage transactions only in cryptocurrencies. In the Genesis market, users can filter their search to find the data they are looking for (for example, logins for a Netflix account). Next to each bot log, a customer can see what stolen data it includes, when the log was updated, and what the price is. After making the payment, a user receives the stolen data. The 2easy and Russian markets have more or less similar payment procedures and bot search filters.
The short answer to both questions is cybercriminals, in most cases. The spectrum of buyers is broad, from ransomware groups who organize cyberattacks to individuals who seek to compromise someone they know.
With the information grabbed by infostealers, hackers can do much harm. For example, after malware steals credit card information or online banking credentials, cybercriminals can use the victim’s account for their own benefit. They could also expose their victims’ private conversations, photos, and browsing history. Such information could be used in social engineering schemes. Alternatively, attackers might delete or lock all of the victim’s accounts (such as Netflix, Spotify, or Steam).
How to keep yourself safe
Your digital safety depends on a few things: your online habits and the tools you use for protection.
Maintain digital hygiene
You should never click on suspicious links or download files from shady websites and torrent clients. They’re unsafe and illegal – in other words, a perfect nest for malicious software.
Use a password manager
You should avoid saving passwords in your browser – a virus could instantly steal them. We recommend using a password manager such as NordPass. It will protect your credentials with an extra layer of encryption.
Use threat protection
A threat protection tool blocks online trackers, scans files for malware, and stops potential malware attacks. Combined with a strong antivirus, this tool becomes a malware antidote you won’t regret having.
Store your documents securely
Save your files in an encrypted cloud like NordLocker. It’s an easy-to-use tool that ensures privacy and security for stored documents.