Wednesday, May 7, 2025
HomeCyber CrimeExodus Underground Market Place Emerging As A Heaven For Cybercriminals

Exodus Underground Market Place Emerging As A Heaven For Cybercriminals

Published on

SIEM as a Service

Follow Us on Google News

The Exodus Market, a haven for exiled criminals, has grown to become a significant player in the black market economy.

The user “ExodusMarket” originally announced Exodus Market for Logs on the Cracked forum on February 10, 2024, after it was formally launched at the end of January 2024.

Twice, in March 2024 and July 16, 2024, the logs platform’s original domain was modified. 

- Advertisement - Google News

The Exodus Market is a simple website with a few features that are already available on other log markets. The TA charges between $3 and $10 for each bot, and it claims to have over 7,000 bots in 192 countries.

The network accepts Bitcoin, Monero, and Litecoin as payment methods. Users are required to deposit their cryptocurrency in the deposit box on the platform.  

The main page of the Exodus Market

Exodus Market’s Efforts To Become A Prominent Player 

The threat actor advertised the new domain on July 23. The threat actor provided free enrollment to new users with a referral code in an attempt to draw in new customers. 

Cyble Research & Intelligence Labs (CRIL) claims that ExodusMarket activity on Cracked identifies the potential founder of the website.

This person has been active on the forum since 2020 under the username “Kira3301” and is a well-known website developer. 

The platform’s bots tab provides preview data, including the first two parts of the IP address, prices, country, OS systems, date of addition, and resources consumed by the bot.  

The platform also has a wiki tab, which is supposed to have general information but is currently unfinished, and a ticketing facility for client complaints. 

Wiki section of the market

Advertisements Of The New Features And Advantages 

  • Over 10,000 new logs are added daily. 
  • Increased privacy with moderators. 
  • Filters for logs for easy searching in the platform. 
  • Promises to add multi-commerce, multi-vendor system and antidetect browser for injecting logs directly from exodus market to the browser. 

The market can formally communicate with its clients through a Telegram channel. On the other hand, the low quantity of views and subscribers indicates a smaller pool of potential clients.

“The TA previously offered installers for InfoStealers and RATs for $150 and mentoring sessions for the use of InfoStealers”, reads the report.

Hence, Operation Endgame and other law enforcement initiatives that have disrupted multiple infrastructures of ransomware groups like Lockbit and ALPHV and dismantled up Bumblebee, IcedID, Pikabot, SystemBC, SmokeLoader, and Trickbot botnets have proven to be highly effective obstacles for these criminal ecosystem.  

Suggestions To Prevent The Risks Of Infostealing

  • Download software/apps from known and trusted sites.
  • Adopt early threat intelligence solutions to proactively monitor for threats. 
  • Monitoring known Threat Actors and groups on the darkweb.
  • Create a robust Incident Response Plan.
  • Practice the Least Privilege principles when accessing sensitive information.
Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

IT Worker from Computacenter Let Girlfriend Into Deutsche Bank’s Restricted Areas

A former information technology manager has filed a whistleblower lawsuit alleging a major security...

NSO Group Ordered to Pay $168 Million to WhatsApp in US Spyware Verdict

A federal jury in California has ordered Israeli spyware maker NSO Group to pay...

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

IT Worker from Computacenter Let Girlfriend Into Deutsche Bank’s Restricted Areas

A former information technology manager has filed a whistleblower lawsuit alleging a major security...

NSO Group Ordered to Pay $168 Million to WhatsApp in US Spyware Verdict

A federal jury in California has ordered Israeli spyware maker NSO Group to pay...

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...