Cybercriminals were able to obtain extremely sensitive user data including 26.6 million usernames and passwords. A study by NordVPN showed that data of five million people has been stolen by bot malware since 2018. Among them were 720 thousand Google logins, 654 thousand Microsoft logins, and 647 thousand Facebook logins.
125K Americans have been affected by malware. The most affected nations globally were India, Indonesia, and Brazil. The average price for a person’s digital information on the bot markets is $6.
The word “bot” in this situation does not mean an autonomous program it refers to data-harvesting malware. Because the malware steals logins together with cookies and device configuration information, cybersecurity experts say that the rise of this malware will help hackers bypass multi-factor authentication (MFA).
“When a criminal hacks a password, they cannot complete the identity authentication if the user has MFA enabled,” says Adrianus Warmenhoven, cybersecurity advisor at NordVPN. “However, if a criminal obtains their victim’s cookies and device configuration information, they can trick the security systems and avoid MFA activation. Because bot malware provides criminals with the entire digital identity of their victims — it presents a brand new set of risks,”
The scariest thing about bot markets is that they make it easy for hackers to exploit their victim’s data. Even a rookie cyber criminal can connect to someone’s Facebook account if they have cookies and digital fingerprints in place, which help them bypass multi-factor authentication.
After logging in to a user’s account, a cyber criminal can try contacting people on a victim’s friends list and send malicious links or ask for a money transfer. They can also post fake information on the victim’s social media feed.
“Some tactics are even simpler. A hacker can, for example, take control of a victim’s Steam account by changing the password. Steam accounts are sold for up to $6,000 per account and can be easy money for a criminal,” says Adrianus Warmenhoven.
More sophisticated criminals buy this information and target businesses with phishing attacks, trying to impersonate the company’s employees.
“To protect yourself use an antivirus at all times. Other measures that could help – a password manager and file encryptions tools to make sure that even if a criminal infects your device, there is very little for them to steal,” adds Adrianus Warmenhoven.
Researchers analysed three major bot markets: the Genesis Market, the Russian Market, and 2Easy. All of the markets were active and accessible on the surface web at the time of analysis. The data on bot markets was compiled in partnership with independent third-party researchers specialising in cybersecurity incident research.
The most popular types of malware that steal data are RedLine, Vidar, Racoon, Taurus, and AZORult.