A new report has sounded warning bells over online identity theft, saying the data of 48 000 South Africans is currently up for sale on bot markets.
The report, by cyber security firm NordVPN, details how five million people, including South Africans, have had their online identities stolen and sold on bot markets for slightly over R100.
According to the company, South Africans and others are being targeted by hackers who are selling their victims’ webcam snaps, screenshots, up-to-date logins, cookies and digital fingerprints on bot markets.
Bot markets are online marketplaces that hackers use to sell data they have stolen from their victims’ devices via bot malware.
NordVPN notes RedLine, Vidar, Racoon, Taurus and AZORult are the most popular types of malware that steal data.
The company explains the stolen data is sold in packets containing the full digital identity of a compromised person.
Marijus Briedis, chief technology officer at NordVPN, comments: “What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place.
“And after the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot. A simple password is no longer worth money to criminals, when they can buy logins, cookies and digital fingerprints in one click for just R102.”
What’s up for sale
NordVPN says screenshots of devices are popular with hackers. It says during a malicious attack, “a virus might take a snapshot of the user’s screen. It can even take a picture with the user’s webcam.”
The second batch of data being sold are logins details, and NordVPN explains that when a virus attacks a device, it may grab logins saved to the browser, which are then offered on the bot market.
“The research found 26.6 million stolen logins on the analysed markets. Among them were 720 000 Google logins, 654 000 Microsoft logins and 647 000 Facebook logins.”
NordVPN says cookies are usually stolen from a user’s browser and help criminals bypass two-factor authentication. Its research found 667 million stolen cookies on the analysed markets.
Lastly, digital fingerprints and autofill forms are a prime target for the hackers, according to NordVPN.
“A person’s digital fingerprint includes screen resolution, device information, default language, browser preferences and other information that makes the user unique. Many online platforms track their users’ digital fingerprints to make sure they properly authenticate them. During the research, 81 000 stolen digital fingerprints were found on the analysed markets.
“Many people use the autofill function for their names and e-mails, as well as for their payment cards and addresses. All of these details can be stolen by malware. During the research, 538 000 autofill forms were found on the analysed market.
In its caveat, NordVPN says: “The scariest thing about bot markets is that they make it easy for hackers to exploit the victim’s data. Even a rookie cyber criminal can connect to someone’s Facebook account if they have cookies and digital fingerprints in place, which help them bypass multi-factor authentication.
“After logging in to a user's account, a cyber criminal can try contacting people on a victim’s friends list and send malicious links or ask for a money transfer. They can also post fake information on the victim’s social media feed.
“Information stolen from autofill forms or just by taking a device screenshot can help these actions look more believable and trustworthy. And you will have no way to detect who used your data.”
Share