Hackers have launched a new Industrial Spy marketplace on the darknet, where they trade data stolen from hacked companies and distribute dumps for free.
At the same time, Industrial Spy positions itself as a marketplace where companies can acquire the data of their competitors in order to gain access to trade secrets, production drawings, accounting reports and customer databases. It is possible that cybercrime has a shortage of reliable trading platforms after the liquidation of the Hydra market.
It is noted that many companies whose data is traded by attackers have suffered from ransomware attacks in the past. That is, hack groups could download this information from their “leak sites” to resell on Industrial Spy.
Let me remind you, by the way, that the hacker platform RaidForums was recently seized by a joint police force. In addition, during the international operation TOURNIQUET, coordinated by Europol, the well-known hacker resource RaidForums was closed.
Bleeping Computer reports that the new marketplace has offers of all levels, from “premium” dumps that cost millions of dollars to less “hot” offers, where users can purchase even individual files for $2.00.
For example, for the data of an unnamed Indian company that is now being sold on Industrial Spy, the attackers are asking about $1.4 million, paid in bitcoins. However, most of the data can be purchased as separate files.
It is also interesting that Industrial Spy is advertised in a very exotic way. Bleeping Computer journalists learned about the trading platform from the information security researcher MalwareHunterTeam, who discovered malware executables whose README.txt files contained advertisements for the site. When launched, such malware creates text files with the ads in every folder on the device.
As it turned out, such executable files that generate README.txt with ads are distributed through various malware loaders, usually disguised as cracks and adware. For example, STOP ransomware and stealer trojans, usually distributed via cracks, are installed with Industrial Spy executables.
According to VirusTotal, README.txt files were also found in the logs of numerous password-stealing Trojans, meaning both pieces of malware can run simultaneously on the same device. In fact, this means that Industrial Spy operators are most likely cooperating with adware and crack distributors to promote their marketplace.
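The behaviour described above, the same README.txt written into every folder, leaves a pattern a host triage sweep can look for. The following is an added example, not code from Bleeping Computer or MalwareHunterTeam: the function names, thresholds and sample note text are assumptions, and the sample tree is constructed.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

SAMPLE_NOTE = b"constructed placeholder standing in for the dropped ad text\n"
MAX_BYTES = 1 << 20  # ignore large files; a dropped note is a short text file


def find_mass_dropped_notes(root, name="README.txt", min_dirs=5, min_ratio=0.5):
    """Return [(sha256, [dirs])] for identical `name` files found in many folders."""
    by_hash = defaultdict(set)
    total_dirs = 0
    for dirpath, _dirs, filenames in os.walk(root):
        total_dirs += 1
        for fn in filenames:
            if fn.lower() != name.lower():  # Windows names are case-insensitive
                continue
            path = os.path.join(dirpath, fn)
            try:
                if os.path.getsize(path) > MAX_BYTES:
                    continue
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            by_hash[digest].add(dirpath)
    # Legitimate READMEs differ between projects; one hash repeated across most
    # folders is the anomaly worth triaging.
    hits = [(d, sorted(p)) for d, p in by_hash.items()
            if len(p) >= min_dirs and len(p) / total_dirs >= min_ratio]
    return sorted(hits, key=lambda h: -len(h[1]))


def build_sample_tree(root):
    """Constructed test data: the same note in 9 folders, one genuine README."""
    for sub in [""] + [f"d{i}" for i in range(8)]:
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        with open(os.path.join(root, sub, "README.txt"), "wb") as fh:
            fh.write(SAMPLE_NOTE)
    os.makedirs(os.path.join(root, "proj"))
    with open(os.path.join(root, "proj", "README.txt"), "wb") as fh:
        fh.write(b"Genuine project documentation (constructed)\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for digest, dirs in find_mass_dropped_notes(tmp):
            print(f"{digest[:16]}  identical README.txt in {len(dirs)} folders")
```

A hit is a triage lead rather than a verdict: since the article notes these executables arrive alongside stealers and STOP ransomware, a host that matches warrants a full malware investigation and credential rotation.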