Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Skip to main content

Digital bots are becoming increasingly common. They operate in fields such as customer service, search engine optimization, and entertainment. Yet not all bots may serve good intentions – many of them can be malicious. Hackers sell malware bot logs on various bot markets, creating threats you couldn’t have imagined. What are bot markets, and how do they work? Find out in the video below.

The anatomy of a bot

Once malicious software has been installed on the victim’s computer, it creates stealer logs or documents where it collects all the stolen data. Like a well-trained dog, the virus sniffs through the computer and detects valuable information about the victim and their hardware. All the stolen data creates a person’s digital identity.

hand cookie web theft

Cookies

Cookies are small data points that web servers send to your browser. These data blocks help each website remember your information and personalize your browsing experience. For example, if you allow a website to detect your location, it will recall this preference the next time you visit the site.

By stealing your cookies, the malware could gain access to different platforms you use. Although cookies don’t display any passwords directly, they may contain authentication or session tokens that store your logins. Simply put, the hacker could install stolen cookies onto their browser and log in to your accounts, avoiding two-factor authentication.

digital fingerprint hands smartphone

Digital fingerprints

Digital fingerprints are identifiers your browser and device leave behind when surfing through a website. Fingerprints may include a broad spectrum of information, starting from your device settings (such as screen resolution, default language, and time zone) to your online identification (like IP address, browser preferences, and plugins).

After grabbing such data, cybercriminals might breach your privacy and bypass defensive mechanisms put in place to authenticate you. On average, 2% of stolen data logs contain digital fingerprints.*

man smartphone hack weak security

Logins

We connect to various websites daily: social media and email accounts, music and film streaming platforms, you name it. In most cases, users keep all logins and passwords on their browsers. No one to blame – it’s a time-saving choice.

Also, it might be perfect prey for malware. When the virus attacks your device, it may grab logins saved within all of your browsers. How can a hacker use them? For instance, imagine that malware stole the login and password of your food delivery app account. The hacker can then easily place orders and enjoy meals you pay for.

On average, each bot log contains 54 stolen logins.

screenshot laptop malware hacker

Screenshots

What files do you save on your desktop? Would you want anyone to see them? During a malicious attack, the virus might easily take a snapshot of your screen. Understanding such a breach of privacy is easy – just think of someone breaking into your bedroom and taking pictures of everything you have there. Not only that – sometimes malware may even be capable of taking a photo with your webcam.

autofill male computer passowrd account

Autofill forms

Autofill is another time-saver for many people. For example, in e-stores, instead of repeatedly typing all their contact details and credit card information, most users save such information in autofill forms.

Unfortunately, they may turn into your Achilles heel during a malware attack. An info stealer could collect your credit card information and other personal details. On average, one bot log contains two stolen autofill forms.

*The data provided in the visual is based on the Genesis market. The research shows that this bot market offers 24,153,964 stolen logins, 537,718 autofill forms, and 81,728 digital fingerprints.

Methodology of the research

The data about bot markets was compiled in partnership with independent third-party researchers specializing in cybersecurity incident research. No information that relates to an identified or identifiable individual was collected, reviewed, or otherwise involved when performing the research and preparing the study. Moreover, the researchers did not access the dark web. Data was received on September 29, 2022.

marketplace girl passwords bot market

2easy

The 2easy marketplace was launched in 2018. At first, it was considered to be smaller compared to other markets. Yet the situation has dramatically changed since then. Now, 2easy sells more than 600,000 stolen data logs from 195 countries.

  • The average bot log price in 2easy varies from $0.2 to $20.
  • The most affected countries by this market are India, Brazil, and the US.
  • According to SimilarWeb, around 30,000 users have visited the market’s website during the last 3 months. Most of them come from Russia, Luxembourg, and the USA.
  • This market operates on the surface web.

shopping basket cookie card passwords

Genesis

The Genesis market became active in 2017. It’s a marketplace that offers the most advanced interface out of all bot markets. Genesis sells more than 400,000 logs from 225 countries.

  • Bot logs’ prices vary from $0.50 to around $40.
  • Italy, Spain, and France are the countries most affected by this market.
  • According to SimilarWeb, around 150,000 users have visited the Genesis website during the last 3 months. Most of the visitors come from the USA, Turkey, and France.
  • The Genesis Blackmarket is an invitation-only online store that hackers can access through the surface web.

shopping money marketplace coins

Russian market

The Russian market is the biggest bot marketplace. It sells more than 3,870,000 logs from 225 countries. The Russian market offers the easiest way to become a vendor. However, it is more dangerous as well.

  • Most of the bot logs in the Russian market cost from $0.50 to $10 per bot.
  • India, Indonesia, and Brazil are the most affected countries by this market.
  • Cybercriminals can access the Russian market through both the surface and the dark web after paying the registration fee of $20.
  • The dark web version is much more popular because hackers want to stay as anonymous as possible.

The business of selling bot logs

web vector cybersec malware dashboard
money hacker exchange
marketplace accounts passowrds credit cards

  • What malware do hackers use to collect data?

    The most popular types of malware that steal and gather data include RedLine, Vidar, Racoon, Taurus, and AZORult. RedLine is the most prevalent of them all. For example, in the Russian market, it takes more than 60% of the whole marketplace. According to TechRadar, RedLine has recently been used to hack the 2K Games helpdesk platform. The attackers opened fake support tickets and then shared RedLine malware in the reply section.

  • How do cybercriminals sell bot logs?

    Malware divides the information extracted from each victim into separate folders. Then the owner of the virus places these packets of scrapped data (bot logs) in the marketplace and puts a price on them. It differs depending on the information that the stolen log includes. For instance, if the malware managed to grab the victim’s credit card credentials, such a bot log may have a higher price than the one which includes less important credentials.

  • How does the process work in different markets?

    All researched markets manage transactions only in cryptocurrencies. In the Genesis market, users can filter their search to find the data they are looking for (for example, logins for a Netflix account). Next to each bot log, a customer can see what stolen data it includes, when the log was updated, and what the price is. After making the payment, a user receives the stolen data. The 2easy and Russian markets have more or less similar payment procedures and bot search filters.

dangers social media card information
male credit cards leak phishing

  • Who buys bots? Who sells them?

    The short answer to both questions is cybercriminals, in most cases. The spectrum of buyers is broad, from ransomware groups who organize cyberattacks to individuals who seek to compromise someone they know.

  • How can a cybercriminal use bots?

    With the information grabbed by infostealers, hackers can do much harm. For example, after malware steals credit card information or online banking credentials, cybercriminals can use the victim’s account for their own benefit. They could also expose their victims’ private conversations, photos, and browsing history. Such information could be used in social engineering schemes. Alternatively, attackers might delete or lock all of the victim’s accounts (such as Netflix, Spotify, or Steam.)

How to keep yourself safe

Your digital safety depends on a few things: your online habits and the tools you use for protection.

Maintain digital hygiene

You should never click on suspicious links or download files from shady websites and torrent clients. They’re unsafe and illegal – in other words, a perfect nest for malicious software.

Use a password manager

You should avoid saving passwords in your browser – a virus could instantly steal them. We recommend using a password manager such as NordPass. It will protect your credentials with an extra layer of encryption.

Use threat protection

A threat protection tool blocks online trackers, scans files for malware, and stops potential malware attacks. Combined with a strong antivirus, this tool becomes a malware antidote you won’t regret having.

Store your documents securely

Save your files in an encrypted cloud like NordLocker. It’s an easy-to-use tool that ensures privacy and security for stored documents.

Wanna learn more about our digital life?
Check out our other research!

woman research

We spend nearly a third of our lives looking at devices

NordVPN began surveying citizens of different countries to learn about people’s digital habits. We’ll continue to update the numbers as more results come in. Here’s what we’ve found out so far.

Find out more
card security thief

How thieves get payment card data

Our analysis uses data provided by independent researchers to see just how widespread payment card data theft can be. Find out how thieves can get card details without ever even stealing them.

Find out more
card metaverse survey

Would you join the metaverse?

Eighty-seven percent of people surveyed are concerned about how the metaverse could affect their privacy. They think it might be easy for hackers to impersonate others (50%) and users’ identities won’t be legally protected (47%).

Find out more

Contact us

For more information on this in-depth cautionary research report, contact us below!