Profiling CSAM Consumers Using Infostealers Data

This report presents a reverse-investigation methodology that uses data from InfoStealer logs (credentials, cookies, browser-saved wallets, and hardware serial numbers) to map Dark Web CSAM domains to infected devices, pivot from device identifiers to other leaked sources, and thereby profile and deanonymize site users; the author includes case examples illustrating identification of fake and real identities and discusses limits and scalability of the approach.