Connect with us

Hi, what are you looking for?

HEADLINES

Data of 125 thousand Filipinos for sale on bot markets

This growing threat has already affected five million people globally, with hackers selling webcam snaps, screenshots, up-to-date logins, cookies, and digital fingerprints.

Photo by @privecstasy from Unsplash.com

At least five million people have had their online identities stolen and sold on bot markets for 340 PHP on average. Out of all the affected people, 125 thousand are from the Philippines, making the country the 10th most affected by this threat in the world.

This data comes from research by the cybersecurity company NordVPN, which looked into three major bot markets. The word “bot” in this situation does not mean an autonomous program – in this case, it refers to data-harvesting malware. Bot markets are online marketplaces hackers use to sell data they have stolen l from their victims’ devices with bot malware. The data is sold in packets, which include logins, cookies, digital fingerprints, and other information — the full digital identity of a compromised person.  

“What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place. And after the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot,” says Marijus Briedis, CTO at NordVPN. “A simple password is no longer worth money to criminals, when they can buy logins, cookies, and digital fingerprints in one click for just 340 peso.”

Researchers analyzed three major bot markets: the Genesis Market, the Russian Market, and 2Easy. All of the markets were active and accessible on the surface web at the time of analysis. The data on bot markets was compiled in partnership with independent third-party researchers specializing in cybersecurity incident research.

Advertisement. Scroll to continue reading.

The most popular types of malware that steal data are RedLine, Vidar, Racoon, Taurus, and AZORult.

What information do hackers sell on bot markets?

  • Screenshots of a device. During a malicious attack, a virus might take a snapshot of the user’s screen. It can even take a picture with the user’s webcam.
  • Logins and other credentials. When a virus attacks the user’s device, it may grab logins saved to their browser. The research found 26.6 million stolen logins on the analyzed markets. Among them were 720 thousand Google logins, 654 thousand Microsoft logins, and 647 thousand Facebook logins.[1]
     
  • Cookies. These are also usually stolen from a user’s browser and help criminals bypass two-factor authentication.The research found 667 million stolen cookies on the analyzed markets.
     
  • Digital fingerprints. A person’s digital fingerprint includes screen resolution, device information, default language, browser preferences, and other information that makes the user unique. Many online platforms track their users’ digital fingerprints to make sure they properly authenticate them. During the research, 81 thousand stolen digital fingerprints were found on the analyzed markets.
     
  • Autofill forms. Many people use the autofill function for their names and emails as well as for their payment cards and addresses. All of these details can be stolen by malware. During the research, 538 thousand autofill forms were found on the analyzed market.

A perfect crime using bots

The scariest thing about bot markets is that they make it easy for hackers to exploit the victim’s data. Even a rookie cybercriminal can connect to someone’s Facebook account if they have cookies and digital fingerprints in place, which help them bypass multi-factor authentication. 

After logging in to a user’s account, a cybercriminal can try contacting people on a victim’s friends list and send malicious links or ask for a money transfer. They can also post fake information on the victim’s social media feed.

Information stolen from autofill forms or just by taking a device screenshot can help these actions look more believable and trustworthy. And you will have no way to detect who used your data. 

“Some tactics are even simpler. A hacker can, for example, take control of a victim’s Steam account by changing the password. Steam accounts are sold for up to $6,000 per account and can be easy money for a criminal,” says Marijus Briedis.

More sophisticated criminals buy this information and target businesses with phishing attacks, trying to impersonate the company’s employees.  

Advertisement. Scroll to continue reading.

“To protect yourself, use an antivirus at all times. Other measures that could help – a password manager and file encryptions tools to make sure that even if a criminal infects your device, there is very little for them to steal,” adds Marijus Briedis.

The price of a bot was converted to local currency (from US dollars to PHP)  on November 30th.

Data about the number of internet users in certain countries was taken from DataReportal.

Stolen logins found on bot markets

Google720,676
Microsoft654,444
Facebook647,574
Amazon226,264
Netflix223,173
PayPal201,649
Instagram196,904
Steam180,581
Ebay123,955
EA Network115,807
Roblox112,050
LinkedIn108,789
Yahoo105,944
Dropbox105,918
Ali Express100,690
Twitch93,678
Apple Store90,068
Twitter89,469
Sony Entertainment89,421
Spotify75,941
Riot Games75,242
Epic Games72,673
MEGAnz61,150

[1] The rest of the stolen logins are indicated in the table “Stolen logins found on bot markets” below.

Advertisement. Scroll to continue reading.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

White Papers

When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%.

HEADLINES

Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services....

HEADLINES

To stay ahead of these challenges, organizations need to invest in AI-driven defenses, transition to quantum-safe encryption, and adopt a Zero Trust approach to...

HEADLINES

There was a 121% Year-on-Year (YoY) increase in identity fraud in 2024 across the region, with significant surges recorded in Singapore (207%), Thailand (206%)...

HEADLINES

As part of RCBC’s 2024 Cybersecurity literacy program, the webinar aims to help Filipinos level up their online banking safety by providing them with...

White Papers

The survey found that CXO’s feel less prepared than their global peers. Less than half or 48% in APAC said they felt completely prepared...

HEADLINES

On average, a single organization in the Philippines experiences 4,003 attacks per week, significantly higher than the APAC average of 2,870 attacks per week.

White Papers

Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into...

Advertisement