Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Skip to main content

Digital bots are becoming increasingly common. They operate in fields such as customer service, search engine optimization, and entertainment. Yet not all bots may serve good intentions – many of them can be malicious. Hackers sell malware bot logs on various bot markets, creating threats you couldn’t have imagined. What are bot markets, and how do they work? Find out in the video below.

The anatomy of a bot

Once malicious software has been installed on the victim’s computer, it creates stealer logs or documents where it collects all the stolen data. Like a well-trained dog, the virus sniffs through the computer and detects valuable information about the victim and their hardware. All the stolen data creates a person’s digital identity.

hand cookie web theft


Cookies are small data points that web servers send to your browser. These data blocks help each website remember your information and personalize your browsing experience. For example, if you allow a website to detect your location, it will recall this preference the next time you visit the site.

By stealing your cookies, the malware could gain access to different platforms you use. Although cookies don’t display any passwords directly, they may contain authentication or session tokens that store your logins. Simply put, the hacker could install stolen cookies onto their browser and log in to your accounts, avoiding two-factor authentication.

digital fingerprint hands smartphone

Digital fingerprints

Digital fingerprints are identifiers your browser and device leave behind when surfing through a website. Fingerprints may include a broad spectrum of information, starting from your device settings (such as screen resolution, default language, and time zone) to your online identification (like IP address, browser preferences, and plugins).

After grabbing such data, cybercriminals might breach your privacy and bypass defensive mechanisms put in place to authenticate you. On average, 2% of stolen data logs contain digital fingerprints.*

man smartphone hack weak security


We connect to various websites daily: social media and email accounts, music and film streaming platforms, you name it. In most cases, users keep all logins and passwords on their browsers. No one to blame – it’s a time-saving choice.

Also, it might be perfect prey for malware. When the virus attacks your device, it may grab logins saved within all of your browsers. How can a hacker use them? For instance, imagine that malware stole the login and password of your food delivery app account. The hacker can then easily place orders and enjoy meals you pay for.

On average, each bot log contains 54 stolen logins.

screenshot laptop malware hacker


What files do you save on your desktop? Would you want anyone to see them? During a malicious attack, the virus might easily take a snapshot of your screen. Understanding such a breach of privacy is easy – just think of someone breaking into your bedroom and taking pictures of everything you have there. Not only that – sometimes malware may even be capable of taking a photo with your webcam.

autofill male computer passowrd account

Autofill forms

Autofill is another time-saver for many people. For example, in e-stores, instead of repeatedly typing all their contact details and credit card information, most users save such information in autofill forms.

Unfortunately, they may turn into your Achilles heel during a malware attack. An info stealer could collect your credit card information and other personal details. On average, one bot log contains two stolen autofill forms.

*The data provided in the visual is based on the Genesis market. The research shows that this bot market offers 24,153,964 stolen logins, 537,718 autofill forms, and 81,728 digital fingerprints.

Methodology of the research

The data about bot markets was compiled in partnership with independent third-party researchers specializing in cybersecurity incident research. No information that relates to an identified or identifiable individual was collected, reviewed, or otherwise involved when performing the research and preparing the study. Moreover, the researchers did not access the dark web. Data was received on September 29, 2022.

marketplace girl passwords bot market


The 2easy marketplace was launched in 2018. At first, it was considered to be smaller compared to other markets. Yet the situation has dramatically changed since then. Now, 2easy sells more than 600,000 stolen data logs from 195 countries.

  • The average bot log price in 2easy varies from $0.2 to $20.
  • The most affected countries by this market are India, Brazil, and the US.
  • According to SimilarWeb, around 30,000 users have visited the market’s website during the last 3 months. Most of them come from Russia, Luxembourg, and the USA.
  • This market operates on the surface web.

shopping basket cookie card passwords


The Genesis market became active in 2017. It’s a marketplace that offers the most advanced interface out of all bot markets. Genesis sells more than 400,000 logs from 225 countries.

  • Bot logs’ prices vary from $0.50 to around $40.
  • Italy, Spain, and France are the countries most affected by this market.
  • According to SimilarWeb, around 150,000 users have visited the Genesis website during the last 3 months. Most of the visitors come from the USA, Turkey, and France.
  • The Genesis Blackmarket is an invitation-only online store that hackers can access through the surface web.

shopping money marketplace coins

Russian market

The Russian market is the biggest bot marketplace. It sells more than 3,870,000 logs from 225 countries. The Russian market offers the easiest way to become a vendor. However, it is more dangerous as well.

  • Most of the bot logs in the Russian market cost from $0.50 to $10 per bot.
  • India, Indonesia, and Brazil are the most affected countries by this market.
  • Cybercriminals can access the Russian market through both the surface and the dark web after paying the registration fee of $20.
  • The dark web version is much more popular because hackers want to stay as anonymous as possible.

The business of selling bot logs

web vector cybersec malware dashboard
money hacker exchange
marketplace accounts passowrds credit cards
dangers social media card information
male credit cards leak phishing

How to keep yourself safe

Your digital safety depends on a few things: your online habits and the tools you use for protection.

Maintain digital hygiene

You should never click on suspicious links or download files from shady websites and torrent clients. They’re unsafe and illegal – in other words, a perfect nest for malicious software.

Use a password manager

You should avoid saving passwords in your browser – a virus could instantly steal them. We recommend using a password manager such as NordPass. It will protect your credentials with an extra layer of encryption.

Use threat protection

A threat protection tool blocks online trackers, scans files for malware, and stops potential malware attacks. Combined with a strong antivirus, this tool becomes a malware antidote you won’t regret having.

Store your documents securely

Save your files in an encrypted cloud like NordLocker. It’s an easy-to-use tool that ensures privacy and security for stored documents.

Wanna learn more about our digital life?
Check out our other research!

woman research

We spend nearly a third of our lives looking at devices

NordVPN began surveying citizens of different countries to learn about people’s digital habits. We’ll continue to update the numbers as more results come in. Here’s what we’ve found out so far.

Find out more
card security thief

How thieves get payment card data

Our analysis uses data provided by independent researchers to see just how widespread payment card data theft can be. Find out how thieves can get card details without ever even stealing them.

Find out more
card metaverse survey

Would you join the metaverse?

Eighty-seven percent of people surveyed are concerned about how the metaverse could affect their privacy. They think it might be easy for hackers to impersonate others (50%) and users’ identities won’t be legally protected (47%).

Find out more

Contact us

For more information on this in-depth cautionary research report, contact us below!