Malware Finances and Operations: a Data-Driven Study of the Value Chain for Infections and Compromised Access
share
We investigate the criminal market dynamics of infostealer malware and publish three evidence datasets on malware infections and trade. We justify the value chain between illicit enterprises using the datasets, compare the prices and added value, and use the value chain to identify the most effective countermeasures. We begin by examining infostealer malware victim logs shared by actors on hacking forums, and extract victim information and mask sensitive data to protect privacy. We find access to these same victims for sale at Genesis Market. This technically sophisticated marketplace provides its own browser to access victim's online accounts. We collect a second dataset and discover that 91 Database Market sells access to compromised online accounts. We produce yet another dataset, finding 91 median of 7 US dollars.
READ FULL TEXT
