New Industrial Spy stolen data market promoted through cracks, adware

Threat actors have launched a new marketplace called Industrial Spy, which sells stolen data from hacked companies and offers stolen data to its members for free.

While stolen data marketplaces are not new, rather than extorting companies and scaring them with GDPR fines, Industrial Spy promotes itself as a marketplace where companies can buy their competitors’ data to access trade secrets, production diagrams, accounting reports and customer databases.

However, it wouldn’t be surprising if the marketplace is used to extort victims into buying their data to prevent it from being sold to other threat actors.

The Industrial Spy marketplace offers different tiers of data offerings, with “premium” stolen data packages costing millions of dollars and lower-end data that can be purchased as separate files for as little as $2.

For example, Industrial Spy is currently selling the data of an Indian company in their premium category for $1.4 million, paid in bitcoin.

Premium stolen data category
Source: BleepingComputer

However, much of their data is sold as separate files, where cybercriminals can purchase the specific files they want for $2 each.

Ability to purchase individual files
Source: BleepingComputer

The marketplace also offers stolen data packages for free, which are likely to entice other threat actors to use the site.

Some companies whose data is presented in the ‘General’ category are known to have suffered from ransomware attacks in the past.

Therefore, the threat actors may have downloaded this data from ransomware gang leak sites to resell it on Industrial Spy.

Promoted via cracks and adware

BleepingComputer first heard about the Industrial Spy marketplace from security researcher MalwareHunterTeam, who found malware executables [1, 2] that create README.txt files to promote the site.

When executed, these malware files create the text files in every folder on the device, which contain a description of the service and a link to the Tor site.

“There you can buy or download your competitors’ private and compromising data for free. We disclose schematics, drawings, technologies, political and military secrets, accounting reports and customer databases,” reads the README.txt text file.

“All these things have been collected from the largest global corporations, conglomerates and companies of every activity. We collect data using vulnerability in their IT infrastructure.”

README.txt file created to promote marketplace
Source: BleepingComputer
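
A defender-side sweep for the behaviour described above (the same README.txt written into every folder), as an added example that is not from BleepingComputer or the researchers it cites. The five-copy threshold and the `.onion` marker for a Tor link are assumptions, and the sample directory tree is constructed.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

NOTE_NAME = "readme.txt"  # file name reported in the article
TOR_MARKER = b".onion"    # assumption: the Tor link appears as a .onion address


def find_mass_dropped_notes(root, min_copies=5):
    """Flag README.txt content found byte-identical in many folders (assumed threshold)."""
    folders_by_digest = defaultdict(list)
    has_tor = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != NOTE_NAME:
                continue
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    data = fh.read(1 << 20)  # notes are small; cap the read
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            digest = hashlib.sha256(data).hexdigest()
            folders_by_digest[digest].append(dirpath)
            has_tor[digest] = TOR_MARKER in data.lower()
    findings = [
        {"sha256": d, "folders": sorted(f), "mentions_tor": has_tor[d]}
        for d, f in folders_by_digest.items() if len(f) >= min_copies
    ]
    return sorted(findings, key=lambda x: len(x["folders"]), reverse=True)


def build_sample_tree(root, dropped=6):
    """Constructed sample: identical notes in `dropped` folders plus one normal README."""
    note = b"Constructed sample note. Link: http://placeholder.onion\n"
    for i in range(dropped):
        os.makedirs(os.path.join(root, f"dir{i}"))
        with open(os.path.join(root, f"dir{i}", "README.txt"), "wb") as fh:
            fh.write(note)
    os.makedirs(os.path.join(root, "project"))
    with open(os.path.join(root, "project", "README.txt"), "wb") as fh:
        fh.write(b"Build instructions for a normal project.\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in find_mass_dropped_notes(tmp):
            print(hit["sha256"][:16], len(hit["folders"]), "folders", hit["mentions_tor"])
```

A hit only shows that identical README.txt content was written across many folders; since the article reports these executables arriving alongside STOP ransomware and password-stealing Trojans, a flagged host warrants a full malware triage rather than just deleting the notes.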

Upon further investigation by BleepingComputer, we found that these executables are distributed via other malware downloaders that are commonly disguised as cracks and adware.

For example, STOP ransomware and password-stealing Trojans, which are often distributed via cracks, are installed together with Industrial Spy executable files.

In addition, VirusTotal shows that the README.txt files are found in numerous collections of password-stealing Trojan logs, indicating that both programs were running on the same device.

This indicates that the Industrial Spy website operators are likely to collaborate with adware and crack distributors to distribute the program that promotes the market.

While the site isn’t widely used right now, companies and security researchers should keep an eye on the site and the data it claims to sell.
