Cybercriminals continuously seek new ways to exploit widespread online platforms for malicious purposes. With over 7 million global listings in 100k active cities, Airbnb has turned into a cybercriminal magnet. While Airbnb offers comfortable and affordable accommodations its popularity has made it vulnerable to scams, fake accounts, etc.
According to Slashnext’s research, “Cybercriminals often employ malicious software known as “stealers” to obtain information such as usernames and passwords.” Stealers are malware that infiltrates devices and transmits stolen data (logs) to attackers. Logs are typically sent to servers but can be emailed via secure chat services like Telegram. They are also very versatile as they can be deployed through a variety of different methods such as social engineering, software exploitation, and malvertising. Additionally, there is an underground market where buyers and sellers can distribute these “stealers” in large quantities.
Most often, once hackers are able to compromise stolen cookies their next goal is to make a profit. Criminals will and can sell these stolen cookies directly to other criminals, usually on underground forums that facilitate these types of transactions. Surprisingly, the sheer amount of stolen accounts has devalued each account to about one dollar each. With a large number of stolen accounts, hackers sell “account checkers” which is software that rapidly tests Airbnb accounts. The notion is simple, Buyers can enter accounts into the checker and it will tell them which are real and fake, some checkers will even make bookings.
In conclusion, cybercriminals have been developing ways to exploit popular platforms such as Airbnb by using stealers to obtain cookies which they can then use to impersonate and gain unauthorized access to accounts. Criminals will sell compromised data for a total of one dollar each as the number of stolen accounts is so large they have devalued each other. It is now more important than ever to take security measures and raise efforts to protect personal information from cyber threats like these.