Category Archives: Intel471

Who and What is Behind the Malware Proxy Service SocksEscort?

Posted on by

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort, which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. Continue reading Who and What is Behind the Malware Proxy Service SocksEscort?

After Joker’s Stash shutdown, the market for stolen financial data looks a lot different

Posted on by

The closure of the Joker’s Stash cybercrime forum put a lasting dent in the overall market for stolen payment-card data on the dark web, researchers say, amid other factors complicating business for crooks aiming to trade in illicit credit or debit card information. From mid-2020 to mid-2021, the value of the “carding” market fell to $1.4 billion, compared $1.9 billion during the same period a year earlier, according to cybersecurity company Group-IB, which attributes the shrinkage largely to the disappearance of Joker’s Stash. The FBI and Interpol disrupted the market’s digital infrastructure in December 2020, and by February 2021, it had shut down. The site hosted data dumps from all over the globe, including U.S. restaurant patrons and Indian bank customers. Criminal groups like the gang known as FIN7 knew they would find customers on the forum. (Those customers quickly scattered to myriad other sites.) While the market shift happened, […]

The post After Joker’s Stash shutdown, the market for stolen financial data looks a lot different appeared first on CyberScoop.

Continue reading After Joker’s Stash shutdown, the market for stolen financial data looks a lot different

A ‘coordinated police’ action against the Joker’s Stash took a small domain offline

Posted on by

An ongoing law enforcement operation has disrupted aspects of a leading website where internet scammers frequently buy and sell stolen data, according to the site’s administrators and multiple sources with visibility into the site.  A message posted Thursday on a forum at the Joker’s Stash, a marketplace where members have previously listed millions of payment cards stolen from U.S. restaurant chains, notifies members that “these bastards busted” an “external proxy server” connected to a section of the site. Other aspects of Joker’s Stash remained functioning normally at press time Thursday, though one researcher suggested the action represented a kind of warning to the site that has facilitated fraud since at least 2015.  “This relates to a coordinated police operational activity that is ongoing, and at this time we are not in a position to comment,” Interpol, the inter-governmental law enforcement organization based in France, said in an email. The affected […]

The post A ‘coordinated police’ action against the Joker’s Stash took a small domain offline appeared first on CyberScoop.

Continue reading A ‘coordinated police’ action against the Joker’s Stash took a small domain offline

Meet the World’s Biggest ‘Bulletproof’ Hoster

Posted on by

For at least the past decade, a computer crook variously known as “Yalishanda,” “Downlow” and “Stas_vl” has run one of the most popular “bulletproof” Web hosting services catering to a vast array of phishing sites, cybercrime forums and malware download servers. What follows are a series of clues that point to the likely real-life identity of a Russian man who appears responsible for enabling a ridiculous amount of cybercriminal activity on the Internet today. Continue reading Meet the World’s Biggest ‘Bulletproof’ Hoster

Is ‘REvil’ the New GandCrab Ransomware?

Posted on by

The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.” Continue reading Is ‘REvil’ the New GandCrab Ransomware?