With the development of communication infrastructure in smart grids, cyber security reinforcement has become one of the most challenging issues for power system operators. In this paper, an attacker is considered a participant in the virtual bidding procedure in the day-ahead (DA) and real-time (RT) electricity markets to maximize its profit. The cyber attacker attempts to identify the optimal power system measurements to attack along with the false data injected into measurement devices. To achieve the maximum profit, the attacker needs to specify the relation between manipulated meters, virtual power traded in the markets, and electricity prices. Meanwhile, to avoid being detected by the system operator, the attacker considers the physical power system constraints existing in the DA and RT markets. Then, a bilevel optimization model is presented which combines the real electricity market state variables with the attacker's decision variables. Using mathematical programming with equilibrium constraints, the presented bilevel model is converted into a single-level optimization problem and the optimal decision variables for the attacker are obtained. Finally, simulation results are provided to demonstrate the performance of the attacker, which also provide insights for security improvement.

INDEX TERMS Cyber-security, electricity market, false data injection, mathematical programming with equilibrium constraints.