It is not happening on Dark Web but Instagram.
Instagram has become much more than a platform to share your traveling, culinary, or fitness-related experiences, but a thriving portal for selling stolen accounts.
Reportedly, hackers are using Instagram to sell access to botnets as well as stolen user accounts from Spotify, Fortnite and other services. The botnets can be used to launch DDoS attacks, and anyone can rent them out to fulfill malicious objectives.
Motherboard’s Joseph Cox reports that Instagram is a safe haven for cyber-crooks primarily because it undergoes minimal content moderation in comparison to other social networks. Moreover, there is a big chunk of customers who do not use Dark Web marketplace, so, probably hackers want to target them through Instagram.
Cox claims that some users on Instagram are marketing for stolen games and online services accounts and also offering botnets on sale and on rent. These accounts were active at the time of writing.
See: Fortnite players beware: Data-stealing malware disguised as cheat tool
Their offered botnets are powered by IoT devices that have been infected using Mirai strains. Those who opt to rent botnets can subscribe for monthly service at the rate of $5 to $80. The rate is determined according to the number of devices that are used to create a botnet or the level of DDoS functionalities that they offer. The Fortnite Battle Royale game’s stolen accounts are up for sale with lucrative packages including exclusively designed skins, and in-game upgrades.
According to Cox, a majority of Instagram users selling them are connected together on the social network, and presumably, they all are part of an organized hacking community. As mentioned by Root Senpai, who sells hacking tools and goods on Instagram, that “there is a lot of people in the community on Instagram.” This is actually a drawback because being part of a network would make it quite easy for the platform to detect them and take necessary steps, says Cox.
It is worth noting that the hackers and their products all appear to be quite immature; for instance, one of the posts by a hacker who is selling a Mirai-based botnet shows the actual photo of the hacker. Another hacker using the ID ghoastttzzz has posted a screenshot of the control panel of the offered botnet with this text: “hmu [hit me up] for spots.” Some hackers are even using Instagram’s Stories feature to advertise for their products.
See: Hackers are holding Instagram accounts of influencers for ransom
It is apparent that hackers are trying to cash in on the immense popularity of games like Fortnite. Some of the accounts share Fortnite images. Kids are also involved in this campaign, as noted by Root Senpai:
“There are a lot of kids on Instagram that is [sic] willing to buy botnet spots, mostly kids that play on console. For me, I just sell spots for fun and money because I am still to [sic] young to get a full job that can make a decent amount of money.”
This is a blatant violation of Instagram’s Terms of Service, which clearly states that no user can do anything that’s “unlawful, misleading, or fraudulent or for an illegal or unauthorized purpose.” This includes selling hacked or stolen accounts access and obviously malware-laden botnets.