Threat actors have launched a new marketplace called Industrial Spy, which sells stolen data from breached companies and provides free stolen data to its members.
While stolen data marketplaces are not new, Industrial Spy promotes itself as a marketplace where businesses can purchase their competitors' data to gain access to trade secrets, manufacturing diagrams, accounting reports, and client databases, rather than extorting companies and scaring them with GDPR fines.
It would not be shocking, however, if the marketplace is used to force victims into purchasing their data in order to prevent it from being sold to other threat actors. The Industrial Spy marketplace has many tiers of data offerings, with "premium" stolen data packages costing millions of dollars and lower-tier data available as individual files for as little as $2.
Industrial Spy, for example, is now selling an Indian company's data in their premium category for $1.4 million in bitcoin.
Premium stolen data category, Image Courtesy: Bleeping Computer
However, much of their data is offered as individual files, allowing threat actors to buy the files they desire for $2 each.
Ability to buy individual files, Source: Bleeping Computer
The marketplace also provides free stolen data packets, which will likely tempt additional threat actors to use it. Some of the firms whose data is available in the "General" category to have been known to be victims of ransomware attacks in the past.
As a result, the threat actors may have obtained this data from the ransomware gang's leak sites in order to resell it on Industrial Spy.
Promoted via cracks and adware
The Industrial Spy marketplace was discovered by security researcher
MalwareHunterTeam, who discovered malware executables [
1,
2] that create README.txt files to promote the site. When these malware files are activated, they will produce text files in every folder on the device, each with a description of the service and a link to the Tor website.
"There, you may buy or obtain private and compromising info about your competition for free. We make plans, drawings, technologies, political and military secrets, accounting reports, and client databases available to the public "reads the text file README.txt
"All of this information was acquired from the world's major corporations, conglomerates, and concerns involved in every activity. We collect data by exploiting vulnerabilities in their IT architecture."
README.txt file created to promote marketplace, Source: BleepingComputer
BleepingComputer revealed that these executables are being transmitted through various malware downloaders that are typically disguised as cracks and adware.
STOP ransomware and password-stealing Trojans, for example, are routinely spread via cracks and are deployed alongside the Industrial Spy executables.
Furthermore, according to VirusTotal, the README.txt files are located in multiple collections of password-stealing trojan records, indicating that both programmes were launched on the same device.
This suggests that the owners of the Industrial Spy website work with adware and crack sellers to spread the application that promotes the marketplace.
While the site isn't extensively used at the moment, businesses and security researchers should keep an eye on it and the data it claims to sell.
Please do not enter any spam link in the comment box.