
Attack of the Bots!

Cyber security organisation Kela have released their findings showing almost 20 million bots actively selling compromised information online. This number reflects the findings from a single marketplace, which suggests that the number of compromised hosts distributing malware and exfiltrating sensitive information is actually much higher.

Information-stealing bots (infostealers) are a type of malware aimed at stealing sensitive information. This includes personally identifiable information, credentials, financial information or network logs.

Once stolen, typically through the use of a mass-deployed botnet, the information is then advertised for sale on dark web forums such as RussianMarket and TwoEasy, or even on the Clearnet through Telegram.

Police agencies are aware of various infostealers and of emerging and established threats which businesses and individuals may encounter.

Complementing these efforts, cybersecurity and threat intelligence provider Kela have produced a report based upon their research to advise the community on the emerging infostealers posing a risk to organisations worldwide.

Kela highlight that the most popular/successful infostealers to date have been Redline, Raccoon, Vidar and META, whilst also evidencing the growing threat from Titan stealer, LummaC2, Stealc and WhiteSnake.

The assessment was made based upon the source of the logs found on the aforementioned marketplaces.

Once purchased, a threat actor may seek to use the information to further exploit a found vulnerability.

From this list of threats, Titan stealer potentially poses a more targeted threat to UK organisations.

These attacks are typically widespread without specific targeting, utilising botnets of compromised hosts to target machines based on susceptibility.

Because of this, the threat to organisations is not just the targeting of official systems but also of home network devices, which can be compromised to allow a threat actor to further enumerate the victim before pivoting from their personal devices to a force network if given the opportunity.

Remediation & Mitigation

The threat posed above can be mitigated through the implementation of a security-driven bring your own device (BYOD) policy, advice to personnel on how to manage the security of their personal devices and ensuring that the VPNs employed to enable work from home are maintained with the latest updates.

This is essential to avoid the exploitation of existing vulnerabilities and to avoid facilitating access to organisational networks.

If you're worried about bots, malware or your business's cyber security in general, contact us for guidance. We also have various affordable services available to you, and we can put you in touch with our Cyber Essentials Partners if you require Cyber Essentials, Cyber Essentials+, tech advice or disaster recovery.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.
