Stolen data logs of over 5.87 million people across the globe were found on sale at online cybercriminals marketplaces, including Genesis, 2easy and the Russian market.
The stolen data logs include login credentials, browser cookies, digital fingerprints, autofill forms and screenshots, according to researchers at NordVPN. The attackers have seen collecting data using RedLine, Vidar, Racoon, Taurus and AzoRult malware. RedLine malware was used for collecting more than 60% of Russian market stolen databases.
About 2% of the logs contain digital fingerprints; each data log contains 54 stolen logins and two autofill forms.
The researchers found that the biggest of these three, Russian market, sells more than 3,870,000 logs from 225 countries.
Genesis, a marketplace for stolen data created in 2017, currently offers 24,153,964 stolen logins, 537,718 autofill forms, and 81,728 digital fingerprints. This data comes from 400,000 logs stolen from people in 225 countries.
Another one, 2easy, created in 2018, sells data from almost 600,000 logs stolen from people in 195 countries.
The average price of these data logs on these marketplaces ranges between $0.2 to $40, depending on the contents of the log. Per se, a bot log with credit card information or login credentials will fetch a relatively higher price.
People from India, Brazil, Indonesia, USA, Italy, Spain and France were the most affected by these data-stealing bot attacks.
What are bot markets? How do they work?
Bot markets are online marketplaces, like Amazon or Flipkart, except run by and for cybercriminals. These are usually found and used more often on the dark web, but some can also be found on the surface web.
The sellers — also cybercriminals — on such marketplaces use these bot stealers, which are malware designed to create logs of data that it steals, create different folders for different kinds of stolen data and link it to a person’s digital identity.
These data sets are then sold on marketplaces such as the ones mentioned above to buyers — also cybercriminals — who further use it for ransomware attacks, financial fraud, phishing or targeted attacks on a person or organisation.
In the News: Chrome update brings memory and battery savers