Exodus Underground Market Place Emerging As A Heaven For Cybercriminals

The Exodus Market, a haven for exiled criminals, has grown to become a significant player in the black market economy.

The user “ExodusMarket” originally announced Exodus Market for Logs on the Cracked forum on February 10, 2024, after it was formally launched at the end of January 2024.

Twice, in March 2024 and July 16, 2024, the logs platform’s original domain was modified. 

The Exodus Market is a simple website with a few features that are already available on other log markets. The TA charges between $3 and $10 for each bot, and it claims to have over 7,000 bots in 192 countries.

The network accepts Bitcoin, Monero, and Litecoin as payment methods. Users are required to deposit their cryptocurrency in the deposit box on the platform.  

The main page of the Exodus Market

Exodus Market’s Efforts To Become A Prominent Player

The threat actor advertised the new domain on July 23. The threat actor provided free enrollment to new users with a referral code in an attempt to draw in new customers. 

Cyble Research & Intelligence Labs (CRIL) claims that ExodusMarket activity on Cracked identifies the potential founder of the website.

This person has been active on the forum since 2020 under the username “Kira3301” and is a well-known website developer. 

The platform’s bots tab provides preview data, including the first two parts of the IP address, prices, country, OS systems, date of addition, and resources consumed by the bot.  

The platform also has a wiki tab, which is supposed to have general information but is currently unfinished, and a ticketing facility for client complaints. 

Wiki section of the market

Advertisements Of The New Features And Advantages

  • Over 10,000 new logs are added daily.
  • Increased privacy with moderators.
  • Filters for logs for easy searching in the platform.
  • Promises to add multi-commerce, multi-vendor system and antidetect browser for injecting logs directly from exodus market to the browser.

The market can formally communicate with its clients through a Telegram channel. On the other hand, the low quantity of views and subscribers indicates a smaller pool of potential clients.

“The TA previously offered installers for InfoStealers and RATs for $150 and mentoring sessions for the use of InfoStealers”, reads the report.

Hence, Operation Endgame and other law enforcement initiatives that have disrupted multiple infrastructures of ransomware groups like Lockbit and ALPHV and dismantled up Bumblebee, IcedID, Pikabot, SystemBC, SmokeLoader, and Trickbot botnets have proven to be highly effective obstacles for these criminal ecosystem.  

Suggestions To Prevent The Risks Of Infostealing

  • Download software/apps from known and trusted sites.
  • Adopt early threat intelligence solutions to proactively monitor for threats.
  • Monitoring known Threat Actors and groups on the darkweb.
  • Create a robust Incident Response Plan.
  • Practice the Least Privilege principles when accessing sensitive information.
Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation platform.…

4 hours ago

Salesforce Applications Vulnerability Could Allow Full Account Takeover

A critical vulnerability has been discovered in Salesforce applications that could potentially allow a full…

6 hours ago

TP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious Commands

A significant vulnerability has been identified in TP-Link's HomeShield function, affecting a range of their…

7 hours ago

ElizaRAT Exploits Google, Telegram, & Slack Services For C2 Communications

APT36, a Pakistani cyber-espionage group, has recently upgraded its arsenal with ElizaRAT, a sophisticated Windows…

7 hours ago

Russia Sentenced Hydra Dark Web Market Developer for Life Time

A Russian court has sentenced Stanislav Moiseyev, believed to be the founder of the notorious…

9 hours ago

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform

With Sweet, customers can now unify detection and response for applications, workloads, and cloud infrastructure …

13 hours ago