With digital goods it's probably easier to illegally copy them from victim's machine after they've been (legitimately) purchased, so they are more likely obtained via password grabbers.
I imagine stealing paysites' credentials is a sort of a bike theft of the criminal web - low profit, low risk.
I imagine stealing paysites' credentials is a sort of a bike theft of the criminal web - low profit, low risk.