Exodus Underground Market Place Emerging As A Heaven For Cybercriminals

The Exodus Market, a haven for exiled criminals, has grown to become a significant player in the black market economy.

The user “ExodusMarket” originally announced Exodus Market for Logs on the Cracked forum on February 10, 2024, after it was formally launched at the end of January 2024.

Twice, in March 2024 and July 16, 2024, the logs platform’s original domain was modified. 

The Exodus Market is a simple website with a few features that are already available on other log markets. The TA charges between $3 and $10 for each bot, and it claims to have over 7,000 bots in 192 countries.

The network accepts Bitcoin, Monero, and Litecoin as payment methods. Users are required to deposit their cryptocurrency in the deposit box on the platform.  

Exodus Market’s Efforts To Become A Prominent Player

The threat actor advertised the new domain on July 23. The threat actor provided free enrollment to new users with a referral code in an attempt to draw in new customers. 

Cyble Research & Intelligence Labs (CRIL) claims that ExodusMarket activity on Cracked identifies the potential founder of the website.

This person has been active on the forum since 2020 under the username “Kira3301” and is a well-known website developer. 

The platform’s bots tab provides preview data, including the first two parts of the IP address, prices, country, OS systems, date of addition, and resources consumed by the bot.  

The platform also has a wiki tab, which is supposed to have general information but is currently unfinished, and a ticketing facility for client complaints. 

Advertisements Of The New Features And Advantages

• Over 10,000 new logs are added daily.
• Increased privacy with moderators.
• Filters for logs for easy searching in the platform.
• Promises to add multi-commerce, multi-vendor system and antidetect browser for injecting logs directly from exodus market to the browser.

The market can formally communicate with its clients through a Telegram channel. On the other hand, the low quantity of views and subscribers indicates a smaller pool of potential clients.

“The TA previously offered installers for InfoStealers and RATs for $150 and mentoring sessions for the use of InfoStealers”, reads the report.

Hence, Operation Endgame and other law enforcement initiatives that have disrupted multiple infrastructures of ransomware groups like Lockbit and ALPHV and dismantled up Bumblebee, IcedID, Pikabot, SystemBC, SmokeLoader, and Trickbot botnets have proven to be highly effective obstacles for these criminal ecosystem.  

Suggestions To Prevent The Risks Of Infostealing

• Download software/apps from known and trusted sites.
• Adopt early threat intelligence solutions to proactively monitor for threats.
• Monitoring known Threat Actors and groups on the darkweb.
• Create a robust Incident Response Plan.
• Practice the Least Privilege principles when accessing sensitive information.