(Source – Shutterstock)

50,000 Malaysians have their data sold on bot markets — NordVPN

  • Out of the five million people who have had their personal information stolen and sold on so-called bot markets, 50,000 are from Malaysia, research by cybersecurity company NordVPN found.
  • The average price for the digital identity of one person is RM27 (US$6 approximately).

Bots have been all the rage over the last few years — with every other company rolling out their own. They operate in fields such as customer service, search engine optimization, and even entertainment. Yet, as cybersecurity firm NordVPN puts it, not all bots serve good intentions – many of them can be malicious. In fact, in their latest report, it was discovered that cybercriminals are selling people’s complete digital identities on bot markets.

What is more shocking is the fact that at least five million people have had their online identities stolen and sold on bot markets for RM27 (US$6 approximately) on average. Out of all the affected people, 50,000 are from Malaysia, NordVPN said. “Taking into consideration the number of internet users in Malaysia, this is a high number compared to other Asian countries,” the company said in a statement.

For example, Japan had 13,00 people affected, but the number of internet users in Japan is almost five times higher than Malaysia. To put into context, the word “bot” in this situation does not mean an autonomous program – in this case, it refers to data-harvesting malware. Bot markets are online marketplaces hackers use to sell data they have stolen from their victims’ devices with bot malware. 

The data is sold in packets, which include logins, cookies, digital fingerprints, and other information — the full digital identity of a compromised person. “What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place. And after the bot is sold, they guarantee the buyer that the victim’s information will be updated for as long as their device is infected by the bot,” Marijus Briedis, CTO at NordVPN said. 

What else NordVPN unveiled in its findings?

It seems that a simple password is no longer worth money to criminals, when they can buy logins, cookies, and digital fingerprints in one click for just 27 ringgits. Based on the three major bot markets researchers had analyzed — the Genesis Market, the Russian Market, and 2Easy — all the markets were active and accessible on the surface web at the time of analysis. 

The most popular types of malware that steal data are RedLine, Vidar, Racoon, Taurus, and AZORult. Other findings by NordVPN show that at least 26.6 million stolen logins were found on the analyzed markets. Among them were 720,000 Google logins, 654,000 Microsoft logins, and 647,000 Facebook logins. 

In addition, researchers found 667 million cookies, 81 thousand digital fingerprints, 538 thousand auto-fill forms, numerous device screenshots, and webcam snaps. 

Anatomy of a bot

Basically, once malicious software has been installed on the victim’s computer, it creates stealer logs or documents where it collects all the stolen data. Like a well-trained dog, the virus sniffs through the computer and detects valuable information about the victim and their hardware. All the stolen data creates a person’s digital identity.

Sharing how easy it is for hackers to exploit, NordVPN said even a rookie cybercriminal can connect to someone’s Facebook account if they have cookies and digital fingerprints in place, which help them bypass multi-factor authentication. After logging in to a user’s account, a cybercriminal can try contacting people on a victim’s friends list and send malicious links or ask for a money transfer. 

“They can also post fake information on the victim’s social media feed. Information stolen from autofill forms or just by taking a device screenshot can help these actions look more believable and trustworthy. And you will have no way to detect who used your data,” the company noted in its statement.

To protect yourself, always use an antivirus, CTO Briedis said. Other measures that could help are a password manager and file encryptions tools to make sure that even if a criminal infects your device, there is very little for them to steal, he added.