How Are Cybercriminals Using Openbullet? «Desktop»

In the underground economy of cybercrime, efficiency is king. Manually testing stolen username-password pairs against hundreds of websites is slow and tedious. Enter OpenBullet : a legitimate, open-source web testing tool that has been twisted into one of the most prolific weapons for account takeover (ATO) attacks.

Originally designed for security researchers to perform penetration testing and stress-test login systems, OpenBullet is, in the wrong hands, a high-speed digital crowbar. Here is exactly how cybercriminals use it. At its heart, OpenBullet is a "bullet" launcher. The "bullets" are lists of stolen credentials (combolists), and the target is a website. The magic—and the danger—lies in configs . how are cybercriminals using openbullet?