Crypto and Website Data Pose Highest Risk, New Study Finds

Trend Micro today published a new report examining the thriving black market for stolen personal and professional data. By analyzing the 16 most active infostealer malware variants across two dark web marketplaces (Russian Market and 2easy.shop), Trend Micro researchers have produced a unique risk matrix that helps quantify which types of stolen data are most at risk once they fall into criminal hands.

The report measures how much “at risk” stolen data becomes once it is accessed by cybercriminals or fraudsters.

Crypto wallets and website credentials rank at the top: these data types generate the highest revenues and are also among the easiest to find on underground sites.

Wi‑Fi credentials and desktop screenshots are less lucrative and harder to monetize, placing them in a lower-risk category. Between those extremes are more specialized authentication types such as FTP and VPN credentials, which occupy a mid-level risk position.

Among stolen website credentials, accounts tied to Google.com appear in the largest volume, followed by Live.com, Facebook and Instagram.

Jean Diarbakerli, a security adviser at Trend Micro, emphasizes treating crypto assets like cash and storing them in digital safes. Stolen website credentials, meanwhile, can be exploited with devastating results. The report gives individuals and organizations the insight needed to better prioritize defensive measures by understanding which data types are most critical.

Infostealers represent a growing threat because stolen data has high value within criminal ecosystems and is often sold onward to other threat actors.

Common monetization methods for stolen user credentials include:

  • Draining cryptocurrency wallets.
  • Using account credentials to complete transactions on e‑commerce and banking sites.
  • Targeting victims’ contacts with scams such as “stranded traveler” frauds.
  • Compromising an organization by leveraging stolen VPN credentials to perform lateral attacks.

Despite the large number of infostealer families in the wild, Trend Micro found that only a handful have a substantial presence on dark web markets. That indicates organizations should focus defensive efforts on the most prevalent infostealers found on these markets, as they present the greatest risk.

Read the full report, Your Stolen Data for Sale, for more details and recommendations.