Bad actors use Instagram, Facebook's photo and video-sharing platform, as a one-stop shop offering access to botnets and stolen Fortnite and Spotify accounts according to a report from Motherboard's Joseph Cox.
Instagram wouldn't be the first place one would consider to buy a stolen account or to rent a botnet for some quick distributed-denial-of-service (DDoS) attacks, but cybercrooks made it their new home given that there's less content moderation when compared with other social networks.
Another reason would be that not everyone who wants to buy their stolen virtual goods is knowledgeable enough to reach them on the dark web.
Cox found some Instagram users advertising both stolen accounts for games and online services such as Fortnite and Spotify, and access to botnets which their sellers promote as being powered by IoT devices infected created using Mirai strains.
Besides stolen game and online services accounts, you can also buy or rent botnets on Instagram
Although many of them are selling the botnets as they are, some of them also provide renting services with monthly subscriptions ranging from $5 to $80, probably depending on the number of devices they're made of or their DDoS capabilities.
The hackers who now call Instagram their home have also moved to other lucrative businesses and, like already mentioned above, they take advantage of the ever-increasing popularity of the Fortnite battle royale game to sell stolen accounts with rare skins and in-game upgrades.
As uncovered by Cox, most of the Instagram users who sell botnets and stolen accounts are following each other and are "organized" as a hacking community.
This might be good for business but, given that Instagram's terms of service say that their platform's users can't "do anything unlawful, misleading, or fraudulent or for an illegal or unauthorized purpose," it will also make it a lot easier for the social network to look into the issue and take the necessary steps to stop them.