The Rising Threat of Traffers

Understand the business model of credential-stealing traffer organizations.

In recent years, the credential theft ecosystem has evolved with the increased professionalization of cybercriminal activities. This trend is exemplified through the multiplication of Initial Access Brokers (IABs), the proliferation of ransomware groups, the rise in malware families’ prices, and most importantly, the emergence of Traffers teams.

Traffers are organized groups of cybercriminals that use malware for credential theft. To spread the malware to its fullest, they have formed an industry-like structure of product and service providers, as well as dedicated marketplaces on Telegram channels, to facilitate the sale of those credentials.

Outpost24’s KrakenLabs analysts have been monitoring several Traffers groups, gathering information from forums and Telegram channels and obtaining and analyzing malware samples from different sources. The key findings are shared in our Rising Threat of Traffers report, which we have made available here.

The report provides an in-depth look at the:

  • Commercialization and rise in subscription model offerings for information-stealing malware, and stolen credentials.
  • Anatomy and business model of a Traffer organization, from recruitment, training, and compensation.
  • Best practices to avoid malware infections in the way it is done by Traffers teams.