At least 5 million people have had their personal information stolen & sold on so-called bot markets. Of the affected users, 600 thousand were from India, according to research by cybersecurity company NordVPN.
India was the most affected country in the world, with 12% of all the data on bots markets being Indian. The report claimed the average price for the digital identity of one Indian was Rs 490 (approx. US $6).
At least 26.6 million stolen logins were found on the analyzed markets. Among them were 720K Google logins, 654K Microsoft logins, & 647K Facebook logins.
This data comes from research by NordVPN, which investigated 3 major bot markets for the same, according to a press release issued by the company. The word “bot” in this situation does not mean an autonomous program – in this case, it refers to data-harvesting malware, said NordVPN.
Bot markets are Online marketplaces hackers use to sell data they have stolen from their victims’ devices with bot malware. The data is sold in packets, which include logins, cookies, digital fingerprints, & other information — the full digital identity of a compromised person.
“What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place. And after the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot,” says Marijus Briedis, CTO at NordVPN. “A simple password is no longer worth money to criminals, when they can buy logins, cookies, and digital fingerprints in one click for just 490 rupees.”
The 3 major bot markets analyzed were: the Genesis Market, the Russian Market, & 2Easy. All of the markets were active & accessible on the surface Web at the time of analysis. The data on bot markets was compiled in partnership with independent 3rd-party researchers specializing in cybersecurity incident research.
The investigation found the most popular types of malware that stole data were RedLine, Vidar, Racoon, Taurus, & AZORult.
What information was being sold on bot markets?
- Screenshots of a device. During a malicious attack, a virus might take a snapshot of the user’s screen. It can even take a picture with the user’s webcam.
- Logins & other credentials. When a virus attacks the user’s device, it may grab logins saved to their browser. The research found 26.6 million stolen logins on the analyzed markets.
- Cookies. These are also usually stolen from a user’s browser and help criminals bypass two-factor authentication. The research found 667 million stolen cookies on the analyzed markets.
- Digital fingerprints. A person’s digital fingerprint includes screen resolution, device information, default language, browser preferences, & other information that makes the user unique. Many Online platforms track their users’ digital fingerprints to make sure they properly authenticate them. During the research, 81,000 stolen digital fingerprints were found on the analyzed markets.
- Autofill forms. Many people use the autofill function for their names & emails as well as for their payment cards & addresses. All of these details can be stolen by malware. During the research, 538 thousand autofill forms were found on the analyzed market.
The methodology, together with more information about the 3 analyzed markets, can be found here: https://nordvpn.com/research-lab/bot-markets
The price of a bot was converted to local currency (from US dollars to INR) on November 29, 2022.
Data about the number of Internet users in certain countries was taken from DataReportal.
