What Is a Bot Market and How Can Publishers Fight Against Them?

The battle for brand safety is on. Bad actors are more creative than ever with their ad fraud tactics.

It’s time to sweep your sites clean because ad fraudsters and their malvertising schemes are lurking. They are setting traps to sell your consumers’ data, ultimately affecting your credibility as a publisher. 

Digital bots are becoming increasingly common on the web. They pop up in customer service, search engine optimization, and entertainment. 

There are benefits to bots. They imitate human user behavior but work much faster. Bots are also used for site monitoring, checking copyrights, scanning news feeds for relevant stories, and more. However, many of them are malicious. 

After malicious bots steal your data, hackers sell malware bot logs on various bot markets, creating an even more significant threat. How do these markets work?

A cybersecurity firm, NordVPN, conducted research that showed that at least five million people have had their online identities stolen and sold on bot markets for $6 on average. Out of all the affected people, 125 thousand are Americans.

What Are Bot Markets?

While a bot typically refers to an autonomous program, the meaning is more sinister in this instance. Bots, in this case, refer to data-harvesting malware. 

Bot markets are online marketplaces hackers use to sell data they have stolen from their victims’ devices with bot malware. The data is sold in packets and includes the entire digital identity of the endangered person. The packet contains the consumer’s logins, cookies, digital fingerprints, and other information.  

“What makes bot markets different from other dark web markets is that they can get large amounts of data about one person in one place. And after the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as the bot infects their device,” says Marijus Briedis, CTO at NordVPN. “A simple password is no longer worth money to criminals when they can buy logins, cookies, and digital fingerprints in one click for just six bucks.”

NordVPN’s Research

While conducting its research, NordVPN analyzed three major bot markets. It worked with a third-party entity that specializes in cybersecurity incident research. The markets included:

Genesis Market. The Genesis Market launched in 2017. The marketplace offers the most advanced interface out of all bot markets. Genesis sells more than 400,000 logs from 225 countries.

  • Bot log prices vary from $0.50 to around $40.
  • Around 150,000 users have visited the Genesis website during the last three months. Most of the visitors come from the USA, Turkey, and France.
  • Hackers can access the Genesis Blackmarket, an invitation-only online store, through the surface web.

Russian Market. The Russian Market is the largest bot marketplace. It sells more than 3,870,000 logs from 225 countries. The Russian Market offers the easiest way to become a vendor, but it is also more dangerous.

  • Bot logs in the Russian market cost $0.50 to $10 per bot.
  • Cybercriminals can access the Russian market through the surface and the dark web after paying the registration fee of $20.
  • The dark web version is much more popular because hackers want to stay anonymous.

2Easy. The 2Easy marketplace was launched in 2018. At first, it was considered to be smaller compared to other markets. Yet the situation has dramatically changed since then. Now, 2Easy sells more than 600,000 stolen data logs from 195 countries.

  • The bot log price in this market varies from $0.2 to $20.
  • India, Brazil, and the US are the most affected countries by this market.
  • According to SimilarWeb, around 30,000 users have visited the market’s website during the last three months. Most of them come from Russia, Luxembourg, and the USA.
  • This market operates on the surface web.

What Information Do Hackers Sell on Bot Markets? 

Watch out! There is a robbery incoming! 

When hackers try to access a consumer’s data, they seek to steal their digital identity. Their tactics are sly and effective, and your logins and devices are only safe with proper precautions. Here’s what to watch for:

Screenshots of a device. During a malicious attack, a virus takes a snapshot of the user’s screen or can take a picture with the user’s webcam.

Logins and other credentials. When a virus attacks the user’s device, it will grab logins saved to their browser. The research found 26.6 million stolen logins on the analyzed markets. Among them were 720 thousand Google logins and 654 thousand Microsoft logins.

Cookies. These are stolen from a user’s browser and help criminals bypass two-factor authentication, because a stolen session cookie lets the attacker reuse a session that has already been authenticated. The research found 667 million stolen cookies on the analyzed markets.

Digital fingerprints. A person’s digital fingerprint includes screen resolution, device information, default language, browser preferences, and other information that makes the user unique. Many online platforms use a consumer’s digital fingerprint for their own purposes, such as making sure they authenticate the user properly. In the case of bot markets, that info is sold to the highest bidder. During the research, 81 thousand stolen digital fingerprints were found on the analyzed markets.

Autofill forms. The autofill function is typically used for people’s names, emails, payment cards, and addresses. All of these details can be stolen by malware. The research found 538 thousand autofill forms on the analyzed market.

How Do Bots Attack and How Can Consumers Protect Themselves? 

Bot markets are useful for hackers because they make exploiting the victim’s data easy. Even rookie hackers can connect to someone’s social media account if they access their cookies and digital fingerprints. This helps them bypass multi-factor authentication. 

When they access a user’s account, a cybercriminal will contact people on a victim’s friends list, send malicious links, or ask for a money transfer. They can also post fake information on the victim’s social media feed.

“Some tactics are even simpler. A hacker can, for example, take control of a victim’s Steam account by changing the password. Steam accounts are sold for up to $6,000 per account and can be easy money for a criminal,” says Marijus Briedis.

A more informed hacker buys information and targets businesses with phishing attacks, trying to impersonate the company’s employees. 

In addition, NordVPN lauds the use of VPNs to protect consumers’ data. 

“To protect yourself, use an antivirus at all times. Other measures that could help – a password manager and file encryption tools to ensure that even if a criminal infects your device, there is very little for them to steal,” says Marijus Briedis.

How Can Publishers Fight Bad Bots?

Publishers and advertisers are not safe either. Publishers lose billions of dollars to ad fraud every year. The biggest consequence, however, which inherently affects their revenue, is that consumers lose trust in their credibility.

Even large publishers are not safe. For example, Apple and Spotify were attacked by malvertising schemes and, thus, are susceptible to having their consumers’ information sold on bot markets. According to LD Mangin, CEO & Co-Founder at Confiant, publishers and advertisers are at risk because cybercriminals use the ad tech supply chain to reach their targets. 

“Every publisher who connects to programmatic is susceptible to this,” says Mangin. “Malvertising is an infrastructure ad tech – i.e., it is a cyber attack that leverages the ad tech infrastructure, which means it’s important to recognize that those publishers are not the target. They are the path to the victim: the user.” 

To protect themselves and the consumer, publishers must know what parts of the supply chain are most vulnerable to cyber-attacks. This will allow publishers and advertisers to put better security measures in place.