How hackers are selling your browser data underground

Browser data is ranked the number one target for data stealers, according to Trend Micro Incorporated. The cybersecurity company recently released a new report titled, Your stolen data for sale, which details the risks associated with data theft and its subsequent misuse.

The report reveals that the risk of data theft is greater than ever, with the value of stolen data continuing to increase on the black market and infected computers often located in developing countries. During the first half of 2023, total malware blocked by Trend Micro in South Africa was up by 20% from the same period in 2022, reaching around 15-million malware in total.

To complicate matters, the growing trend of remote work and cloud storage solutions has also created new opportunities for infostealer attacks.

Infostealer malware is currently responsible for most of the stolen data being sold on the criminal underground. It’s a type of malicious software that cybercriminals use to extract sensitive information from a victim’s computer or mobile device. Once a victim is infected, their data will be extracted from the machine and put up for sale.

“It’s essential for individuals and businesses alike to understand the market for stolen data. This will allow them to take the necessary precautions to safeguard themselves against data breaches and to implement strong security measures to protect their sensitive information,” says Emmanuel Tzingakis, Technical Lead, African Cluster at Trend.

To help online users better understand the types of data that are most at risk, Trend Micro compared the 16 most active infostealers in recent years in terms of stealing capabilities and types of data each one targets. Findings from the research were as follows:

What is stolen data being used for?

Infostealers are specifically designed to steal data, such as credentials, credit card and financial information, and other critical information, that can later be used for other fraudulent activities. This data, which can be stolen from the browser’s saved passwords or from browser cookies, could even allow the criminal to bypass multiple factor authentication (MFA). However, this value is time-sensitive; it’s only good based on how long a session remains open with each affected account.

The most common ways for hackers to monetise stolen credentials include:

• Draining cryptocurrency wallets.
• Making transactions on behalf of the user on e-commerce sites and banking sites.
• Attacking the victims’ contacts. For example, performing the “stranded traveller” scam, which involves impersonating victims to contact their friends and ask them for money.
• Entering users’ organisations through their VPN credentials and performing lateral movement to gain a foothold in the organisation.

Which data is most valuable?

The value of individual stolen data varies depending on its type, quality, and availability. For example, credentials for a bank account with a high balance will be much more valuable than those for a social media account.

It’s perhaps not surprising then that browser data is by far the preferred target for data stealers, with its treasure trove of sensitive information, including authentication cookies, stored credit cards, credentials, passwords, and navigation history. 

Together with cryptocurrency wallets, website credentials are also the type of data which is most easily monetised. Mail credentials, on the other hand, are as actionable as web credentials, but they are harder to find on underground marketplaces.

Other categories, like Wi-Fi credentials and desktop screenshots, are also not so easy to sell or abuse, and are therefore categorised as less risky.

Finally, the more data is available about an individual, the more valuable and susceptible to misuse and fraudulent activities it becomes.

“Personal data is and will continue to be a prime target for criminals because it’s easy to obtain and make money from. Therefore, data shops will remain a staple in criminal communities, showing no signs of dwindling anytime soon,” says Tzingakis. “With the festive season fast approaching, online users will be at even greater risk from info stealers and should take particular care where specific types of data, such as their credit card details, are concerned.”