Millions of people have had their data sold on bot markets

Criminals promise the data is valid, as long as the device is infected

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybercriminals are selling people’s complete digital identities for just a handful of pocket change on bot markets, new research is showing.

According to a new report fromNordVPN, some cybercrooks are infecting users with botmalwarewhich then harvests as much sensitive data on the victim as possible, including device screenshots, login credentials stored in the browser, cookies, digital fingerprints (screen resolution, device information, browser preference, etc.), autofill forms, and other information.

The data is then packaged and sold on bot markets, sometimes for just $6 per person. What’s more - the buyer gets a guarantee that the data is valid, and that it will be updated with new information as long as the target endpoint remains infected with malware.

Three markets, five infostealers

During its research, NordVPN analyzed three separate bot markets: the Genesis Market, the Russian Market, and 2Easy.

All of these were active and accessible on the surface web at the time of analysis. The most popular malware types and infostealers were RedLine, Vidar, Racoon, Taurus, and AZORult.

A nasty new infostealer malware is landing in email inboxes>This infostealer has a vicious sting for Python developers>These are the best privacy tools around

The researchers are saying that these marketplaces are extremely dangerous, as exploiting the sold data is relatively easy. With the help of cookies andpasswords, threat actors can bypass security protections and establish a foothold in people’s social media and business accounts, and use the stolen identities to commit wire fraud, distribute malware andransomware, or simply re-sell the account for a higher price

“A hacker can, for example, take control of a victim’sSteamaccount by changing the password. Steam accounts are sold for up to $6,000 per account and can be easy money for a criminal,” said Marijus Briedis, CTO at NordVPN.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“To protect yourself, use an antivirus at all times. Other measures that could help – a password manager and file encryptions tools to make sure that even if a criminal infects your device, there is very little for them to steal."

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Lego will let you build Sir Ernest Shackleton’s iconic lost ship, the Endurance, in its next Icons set