48,000 South Africans had their online data stolen by bots – this is how much it sells for on the dark web

 ·23 Dec 2022

At least five million people around the world have had their online identities stolen and sold on bot markets, according to research from cybersecurity company NordVPN.

The group analysed three major bot markets and found that 48,000 South Africans are among the victims, and their stolen data sells for R102, on average, through the dark web.

The word “bot” in this situation does not mean an autonomous program – in this case, it refers to data-harvesting malware, NordVPN said.

Bot markets are online marketplaces hackers use to sell data they have stolen from their victims’ devices with bot malware. The data is sold in packets, which include logins, cookies, digital fingerprints, and other information — the full digital identity of a compromised person.

“What differentiates bot markets from other dark web markets is that they can get large amounts of data about one person in one place. And after the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot,” said Marijus Briedis, CTO at NordVPN.

“A simple password is no longer worth money to criminals when they can buy logins, cookies, and digital fingerprints in one click for just R102.”

Researchers analyzed three major bot markets: the Genesis Market, the Russian Market, and 2Easy. All of the markets were active and accessible on the surface web at the time of analysis.

The data on bot markets was compiled in partnership with independent third-party researchers specializing in cybersecurity incident research. The most popular types of malware that steal data are RedLine, Vidar, Racoon, Taurus, and AZORult.


What information do hackers sell on bot markets?

  • Screenshots of a device. During a malicious attack, a virus might take a snapshot of the user’s screen. It can even take a picture with the user’s webcam.
  • Logins and other credentials. When a virus attacks the user’s device, it may grab logins saved to their browser. The research found 26.6 million stolen logins on the analyzed markets. Among them were 720 thousand Google logins, 654 thousand Microsoft logins, and 647 thousand Facebook logins.
  • Cookies. These are also usually stolen from a user’s browser and help criminals bypass two-factor authentication. The research found 667 million stolen cookies on the analyzed markets.
  • Digital fingerprints. A person’s digital fingerprint includes screen resolution, device information, default language, browser preferences, and other information that makes the user unique. Many online platforms track their users’ digital fingerprints to make sure they properly authenticate them. The research found 81,000 stolen digital fingerprints on the analyzed markets.
  • Autofill forms. Many people use the autofill function for their names, emails, payment cards, and addresses. All of these details can be stolen by malware. During the research, 538,000 autofill forms were found on the analyzed market.

A perfect crime 

According to NordVPN, the scariest thing about bot markets is that they make it easy for hackers to exploit the victim’s data.

“Even a rookie cybercriminal can connect to someone’s Facebook account if they have cookies and digital fingerprints in place, which help them bypass multi-factor authentication,” the group said.

After logging in to a user’s account, a cybercriminal can try contacting people on a victim’s friends list and send malicious links or ask for a money transfer. They can also post fake information on the victim’s social media feed.

Information stolen from autofill forms or just by taking a device screenshot can help these actions look more believable and trustworthy – “and you will have no way to detect who used your data”.

“Some tactics are even simpler. A hacker can, for example, take control of a victim’s Steam account by changing the password. Steam accounts are sold for up to $6,000 per account and can be easy money for a criminal,” said Briedis.

More sophisticated criminals buy this information and target businesses with phishing attacks, trying to impersonate the company’s employees.

“To protect yourself, use an antivirus at all times. Other measures that could help – a password manager and file encryptions tools to ensure that even if a criminal infects your device, there is very little for them to steal,” Briedis said.


Read: By the way, the Reserve Bank was hacked

Show comments
Subscribe to our daily newsletter