Monday, November 18, 2024
HomeCyber CrimeExodus Underground Market Place Emerging As A Heaven For Cybercriminals

Exodus Underground Market Place Emerging As A Heaven For Cybercriminals

Published on

The Exodus Market, a haven for exiled criminals, has grown to become a significant player in the black market economy.

The user “ExodusMarket” originally announced Exodus Market for Logs on the Cracked forum on February 10, 2024, after it was formally launched at the end of January 2024.

Twice, in March 2024 and July 16, 2024, the logs platform’s original domain was modified. 

- Advertisement - SIEM as a Service

The Exodus Market is a simple website with a few features that are already available on other log markets. The TA charges between $3 and $10 for each bot, and it claims to have over 7,000 bots in 192 countries.

The network accepts Bitcoin, Monero, and Litecoin as payment methods. Users are required to deposit their cryptocurrency in the deposit box on the platform.  

The main page of the Exodus Market

Exodus Market’s Efforts To Become A Prominent Player 

The threat actor advertised the new domain on July 23. The threat actor provided free enrollment to new users with a referral code in an attempt to draw in new customers. 

Cyble Research & Intelligence Labs (CRIL) claims that ExodusMarket activity on Cracked identifies the potential founder of the website.

This person has been active on the forum since 2020 under the username “Kira3301” and is a well-known website developer. 

The platform’s bots tab provides preview data, including the first two parts of the IP address, prices, country, OS systems, date of addition, and resources consumed by the bot.  

The platform also has a wiki tab, which is supposed to have general information but is currently unfinished, and a ticketing facility for client complaints. 

Wiki section of the market

Advertisements Of The New Features And Advantages 

  • Over 10,000 new logs are added daily. 
  • Increased privacy with moderators. 
  • Filters for logs for easy searching in the platform. 
  • Promises to add multi-commerce, multi-vendor system and antidetect browser for injecting logs directly from exodus market to the browser. 

The market can formally communicate with its clients through a Telegram channel. On the other hand, the low quantity of views and subscribers indicates a smaller pool of potential clients.

“The TA previously offered installers for InfoStealers and RATs for $150 and mentoring sessions for the use of InfoStealers”, reads the report.

Hence, Operation Endgame and other law enforcement initiatives that have disrupted multiple infrastructures of ransomware groups like Lockbit and ALPHV and dismantled up Bumblebee, IcedID, Pikabot, SystemBC, SmokeLoader, and Trickbot botnets have proven to be highly effective obstacles for these criminal ecosystem.  

Suggestions To Prevent The Risks Of Infostealing

  • Download software/apps from known and trusted sites.
  • Adopt early threat intelligence solutions to proactively monitor for threats. 
  • Monitoring known Threat Actors and groups on the darkweb.
  • Create a robust Incident Response Plan.
  • Practice the Least Privilege principles when accessing sensitive information.
Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability

Zohocorp, the company behind ManageEngine, has released a security update addressing a critical SQL...

Citrix Virtual Apps & Desktops Zero-Day Vulnerability Exploited in the Wild

A critical new vulnerability has been discovered in Citrix’s Virtual Apps and Desktops solution,...

Sonatype Nexus Repository Manager Hit by RCE & XSS Vulnerability

Sonatype, the company behind the popular Nexus Repository Manager, has issued security advisories addressing...

GeoVision 0-Day Vulnerability Exploited in the Wild

Cybersecurity researchers have detected the active exploitation of a zero-day vulnerability in GeoVision devices,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability

Zohocorp, the company behind ManageEngine, has released a security update addressing a critical SQL...

Citrix Virtual Apps & Desktops Zero-Day Vulnerability Exploited in the Wild

A critical new vulnerability has been discovered in Citrix’s Virtual Apps and Desktops solution,...

Sonatype Nexus Repository Manager Hit by RCE & XSS Vulnerability

Sonatype, the company behind the popular Nexus Repository Manager, has issued security advisories addressing...