Threat actors have created a new marketplace for stolen data called Industrial Spy. The marketplace deals in the sale of stolen data from breached companies and also offers its members free stolen data.
Unlike other platforms, Industrial Spy allows companies to purchase competitors’ data to gain access to trade secrets, production charts, accounting reports and customer databases.
The Industrial Spy marketplace offers different levels of data offerings. The “premium” data packages cost millions of dollars, while subclass data cost as little as $2.
Researchers discovered that attackers use executable malware files that create README.txt files to promote the site. These executables are distributed via other malware downloaders disguised as cracks and adware.
The executed malware files could be used to create the text files in each folder on the device. The files contain a description of the service and a link to the Tor page.
This shows that Industrial Spy operators probably worked with adware and crack distributors to spread the program used in promoting the marketplace.
The sources for this piece include an article in BleepingComputer.