Cybercriminals are selling people’s complete digital identities for just a handful of pocket change on bot markets, new research is showing.
According to a new report from NordVPN (opens in new tab), some cybercrooks are infecting users with bot malware which then harvests as much sensitive data on the victim as possible, including device screenshots, login credentials stored in the browser, cookies, digital fingerprints (screen resolution, device information, browser preference, etc.), autofill forms, and other information.
The data is then packaged and sold on bot markets, sometimes for just $6 per person. What’s more – the buyer gets a guarantee that the data is valid, and that it will be updated with new information as long as the target endpoint remains infected with malware.
Three markets, five infostealers
During its research, NordVPN analyzed three separate bot markets: the Genesis Market, the Russian Market, and 2Easy.
All of these were active and accessible on the surface web at the time of analysis. The most popular malware types and infostealers were RedLine, Vidar, Racoon, Taurus, and AZORult.
The researchers are saying that these marketplaces are extremely dangerous, as exploiting the sold data is relatively easy. With the help of cookies and passwords, threat actors can bypass security protections and establish a foothold in people’s social media and business accounts, and use the stolen identities to commit wire fraud, distribute malware and ransomware, or simply re-sell the account for a higher price
“A hacker can, for example, take control of a victim’s Steam account by changing the password. Steam accounts are sold for up to $6,000 per account and can be easy money for a criminal,” said Marijus Briedis, CTO at NordVPN.
“To protect yourself, use an antivirus at all times. Other measures that could help – a password manager and file encryptions tools to make sure that even if a criminal infects your device, there is very little for them to steal.”