In a groundbreaking study, Recorded Future found thousands of users connected to child sexual abuse materials (CSAM) by stealing information and posting malware records on the Dark Web. Thus, this revelation underscores the power of such cases to deter serious crime.
The report identified approximately 3,300 unique users with accounts from known CSAM sites. Alarmingly, 4.2% had credentials from multiple sources, indicating a high likelihood of criminality.
Kematian theft, Neptune theft, Poseidon, and others are off-the-shelf info-stellar malware variants that are used to siphon sensitive information such as credentials, cryptocurrency wallets, and payment card data. This increased malicious program targets systems and is often distributed through phishing, spam campaigns, cracked software, fake update websites, SEO poisoning, and malvertising.
Once information is gathered, it is often found to have dark circles on the dark web, where other cybercriminals develop it to further their agendas. Employees storing company credentials on personal devices or accessing personal resources on organizational devices increase the risk of infection.
Recorded Future’s Insik team identified 3,324 unique credentials used to access known CSAM domains from January 2021 to January 2024, identifying three individuals who maintain accounts on at least four websites. Cryptocurrency wallet addresses used to enter burglar circles help identify these addresses, whether they have been used or intended to purchase CSAM and other dangerous goods.
Known CSAM communities in countries such as Brazil, India, and the US. had the highest number of credentialed users, possibly due to overcrowding in data set sourcing.
Info-stealer malware and stolen credentials are not just a passing threat but are projected to remain a cornerstone of the cybercriminal economy. Investigators and law enforcement can use info-stealer logs to track child exploitation on the dark web, providing crucial insights into this elusive area and the urgent need for action.
