
Your passwords run a secret economy in the Russian crime scene

Your passwords, logged by infostealers, are being traded on a thriving Russian underground marketplace, sometimes for as little as $2.


Paulina Okunytė, Senior Journalist
Jun 3, 2025 | Updated: 3 June 2025 | 4 min read
Industries affected the most by credential theft
ReliaQuest customer alerts stemming from Russian Market, 2024

How did the Russian Market become a powerhouse of credential theft?

Russian Market "LOGS" page. Source: ReliaQuest

The Russian Market’s modus operandi

  • All Passwords: The main draw. A full list of credentials recovered from the infected machine, often including browser logins, saved session data, and application passwords.
  • Brute: A set of credentials likely curated for brute-force attacks, allowing attackers to attempt unauthorized access across platforms.
  • Processes: A snapshot of all software running at the time of infection, offering clues about what the machine was being used for.
  • Software: A catalog of installed programs that can help attackers tailor follow-up exploits or identify high-value targets.
  • System: Technical details such as the machine’s name, antivirus status, GPU model, and the malware version used, which are useful for profiling the victim or avoiding detection.

Source of stolen credentials: infostealers

Percentage of Russian Market alerts attributed to different infostealers by quarter. Source: ReliaQuest

SaaS and SSO credentials are among the most wanted


The next big threat
