Is Your Password for Sale? ‘Russian Market’ Tops List of Stolen Credential Hubs

The420.in Staff

The infamous Russian Market has become the leading underground marketplace for trading stolen credentials harvested by info-stealer malware, according to a report by ReliaQuest.

Once overshadowed by larger rivals, the Russian Market surged in popularity following the shutdown of Genesis Market, filling the gap left behind in the cybercrime ecosystem. Offering credential logs for as little as $2 (170 INR), it has now become a go-to platform for threat actors worldwide.

Why It’s Booming

ReliaQuest’s analysis reveals that 85% of the credentials on sale are recycled, yet the platform thrives due to its massive inventory and low prices. Logs sold often include:

  • Account passwords
  • Session cookies
  • Credit card data
  • Cryptocurrency wallet info
  • SaaS and Single Sign-On (SSO) credentials

A single log may contain hundreds to thousands of stolen data points, often harvested from malware-infected devices and later sold in bulk.

Notably, 61% of stolen logs contain corporate SaaS credentials, especially from platforms like Google Workspace, Zoom, and Salesforce, while 77% include SSO logins, offering attackers access to sensitive enterprise systems.

For months, the Lumma stealer dominated the market, generating 92% of all logs on Russian Market after the fall of Raccoon Stealer. But recent law enforcement crackdowns, including the seizure of 2,300 domains, disrupted Lumma’s operations.

In its place, the Acreed stealer has rapidly risen. Within just a week of its emergence, Acreed produced over 4,000 logs, according to Webz.

Despite its newness, Acreed operates like other info-stealers, targeting:

  • Chrome and Firefox-based browsers
  • Saved passwords and autofill data
  • Crypto wallets and stored credit cards

Distribution methods include phishing emails, malvertising, and fake software tutorials on YouTube and TikTok.

Stay Alert: The Threat Is Ongoing

Cyber experts warn users and organizations to maintain good download hygiene, avoid suspicious links, and use endpoint security to guard against info-stealer malware.

About the author – Ayush Chaurasia is a postgraduate student passionate about cybersecurity, threat hunting, and global affairs. He explores the intersection of technology, psychology, national security, and geopolitics through insightful writing.
