Person in a dark room writing code on a laptop with more screens in the background.

Nearly five million people have had their data stolen and put up for sale on three major bot markets, new research from leading VPN provider NordVPN has found.

Bot markets are online stores where hackers sell stolen data obtained with bot malware. Bot malware primarily creates stealer logs or documents after digging through someone’s device for personal information, which can be used to create a victim’s digital identity.

On average, these markets sell bot logs for about $5.95 each, researchers said, and they can be constantly updated as long as the victim’s device stays infected.

“What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place,” said Marijus Briedis, NordVPN’s chief technology officer.

Cookies, Digital Fingerprints, Logins, etc. at Risk

NordVPN highlighted five targets that bots use to create a victim’s digital identity. The bots steal their victims’ cookies, digital fingerprints, login credentials, and autofill-form data. Furthermore, bots can also take screenshots of active user sessions on the device or take pictures using a highjacked webcam.

Researchers looked at three bot markets — 2Easy, Genesis, and the Russian market. While markets are accessible on the surface web, they are more popular among cybercriminals on the dark web, thanks to increased anonymity.

Of the three marketplaces examined, the Russian marketplace is the largest, with 3,870,000 bot logs from 225 countries up for sale. Most of the logs come from India, Indonesia, and Brazil. Anyone looking to access the marketplace can pay a $20 registration fee, though its dark web site is more often used.

2easy — which researchers noted received more than 30,000 visitors on their website over the last three months — has over 600,000 stolen data logs from 195 countries. A large number of the 2easy’s victims are from India, Brazil, and the U.S.

Finally, the Genesis marketplace has over 400,000 logs from 225 countries. Though it is an invitation-only online store, in the last three months, the Genesis website received over 150,000 visitors.

“The research shows that this bot market offers 24,153,964 stolen logins, 537,718 autofill forms, and 81,728 digital fingerprints,” NordVPN said about Genesis.

As for the type of malware used, NordVPN mentions RedLine, Vidar, Racoon, Taurus, and AZORult. These are the most popular malicious software used to steal and gather information.

How Cybercriminals Use Bots

When infostealers scrape data on victims’ devices, cybercriminals can wreak all kinds of havoc. Of course, the most common concerns usually shift toward compromised financial accounts should credit card or bank information be lifted. NordVPN also pointed out other common criminal ploys, from targeted scams to nuisances.

“They could also expose their victims’ private conversations, photos, and browsing history. Such information could be used in social engineering schemes,” researchers said. “Alternatively, attackers might delete or lock all of the victim’s accounts such as Netflix, Spotify, or Steam.”

While targeted phishing or social engineering schemes could be a hacker’s goal, they could also obtain information that could lead to blackmail or even sextortion based on messaging and photo records or browsing history.

NordVpn recommends taking measures to ensure digital safety online. First, it is crucial to have strict cyber hygiene, in particular, never click on suspicious links or websites. Never save passwords in your browser, as they’ll be vulnerable to attacks like these. Using a password manager offers an extra layer of encryption to protect logins. It is equally important to create strong and unique passwords and to avoid recycling them.

Finally, using a threat protection tool can help safeguard you from malware. Nord Security also recommends using an encrypted cloud storage service to keep documents secure. 

Source –