Cybercriminals are selling people's full digital identities for just a handful of change on bot marketplaces, new research has found.

According to a new report from NordVPN(opens in a new tab), some cybercriminals are infecting users with bot malware that then collects as much of the victim's sensitive data as possible, including device screenshots, login credentials session stored in the browser, cookies, digital fingerprints (screen resolution, device information, browser preferences, etc.), auto-fill forms and other information.

The data is then aggregated and sold on bot marketplaces, sometimes for as little as €6 per person. In addition, the buyer gets the guarantee that the data is valid and will be updated with new information as long as the target device remains infected with malware.

Three markets, five information thieves

During their research, NordVPN looked at three different bot markets: the Genesis market, the Russian market, and 2Easy.

All of these were active and accessible on Surface Web at the time of the scan. The most popular types of malware and information stealers were RedLine, Vidar, Racoon, Taurus, and AZORult.

Researchers say these markets are extremely dangerous because extracting the data being sold is relatively easy. By using cookies and passwords, threat actors can bypass security protections and gain a foothold in people's social media and business accounts, and use stolen identities to commit wire fraud, distribute malware and ransomware, or simply resell the account for a highest price.

“A hacker can, for example, take control of a victim's Steam account by changing the password. Steam accounts sell for up to €6,000 per account and can be easy money for a criminal,” said Marijus Briedis, CTO of NordVPN.

“To protect yourself, use an antivirus at all times. Other measures that could help: a password manager and file encryption tools to ensure that even if a criminal infects your device, there is very little to steal."

Share This