
Genesis Market: Formerly a Popular Dark Web Marketplace Now up for Sale


If one wishes to own a defunct darknet business, they could try reaching out to the backers of Genesis Market, the formerly high-and-mighty seller of stolen data. Today, they appear to be desperate to sell their formerly valued asset for scrap.

According to a report by The Record, several advertisements for the sale of Genesis have recently appeared on underground forums. The FBI deactivated the website early this year as part of an investigation that saw the arrest of numerous site administrators and users. The platform had previously been a popular location for hacking services and stolen data.

The FBI later conducted hundreds of raids in countries all over the world, where several websites were seized that effectively crippled the platform’s operation. One might assume that there would not be much left to sell given the extent of the operation.

However, according to The Record, on June 28 a user account that appears to be associated with Genesis' operators started posting about the business's sale. The user asserted that the darknet platform of the marketplace was still functional and that the FBI had only taken control of the open web domains of the marketplace. Reportedly, the sale involves illegal business infrastructures, including “a complete database (except for some details of the client base), source codes, scripts, with a certain agreement, as well as server infrastructure.”

If you are a potential buyer, however, there are certain concerns that come with such an acquisition. They include:

  • Buying these sites is certainly illegal, and may get you in trouble. 
  • It is entirely plausible that the sale is some sort of FBI honeypot operation.
  • It is hard to assume that Genesis will make a comeback anytime soon because its reputation among users of the darknet is completely destroyed.

Regardless, the question of how the dark net is doing lately has an intriguing answer. The past few years have apparently been challenging for the virtual underworld, thanks to the active and aggressive operations against it by the Justice Department.

A report from February notes that darknet revenue has lately experienced losses. The FBI's exposure of the Hydra marketplace reduced the revenue flow dramatically. Prior to its downfall, Hydra was one of the most popular cybercrime hotspots on the web, and the government's operation against it seems to have hugely impacted the dark web economy. The Genesis shutdown is likely to have only contributed further to the disturbance in the web's murkiest realm.

Cybercriminals Set Android Apps For Sale for Up to $20K a Piece


Cyber threat actors have lately been targeting the security of the official Google Play app store by developing trojanized versions of existing Android apps and selling them for up to $20,000 a piece on darknet markets.

In a blog post published on April 10, Kaspersky researchers reported the findings of a thorough analysis of nine of the most well-known Dark Web forums. By monitoring activity between 2019 and 2023, they discovered a booming market of buyers and sellers exchanging access to botnets, malicious Android applications, and app developer accounts for hundreds of dollars at a time.

Some highly valuable products, such as source code that lets a threat actor hijack an existing cryptocurrency or dating app on Google Play, can cost several thousand dollars.

"It's an infinite cat and mouse game[…]The attackers find a way to bypass security scanners. Then the people developing the security scanners deploy patches to ensure that doesn't happen again. Then the attackers find new flaws. And it goes on and on," says Georgy Kucherin, a Kaspersky researcher, with regard to Google's app security.

The Marketplace for Google Play Hacks 

Any program that is posted to the Apple or Google app stores undergoes a rigorous inspection. However, according to the Kaspersky researchers, "just like any security solution that exists in the world, it's not 100% effective[…]Every scanner contains flaws that threat actors exploit to upload malware to Google Play."

Commonly, there are two methods by which a hacker attempts to sneak malware onto an app store:

  • The first method entails publishing a completely benign app to the app store. Once it has been approved, or even better, once it has attracted a sizable enough audience, the hackers submit an update that contains the malicious code.
  • The second involves hackers compromising legitimate app developers, accessing their accounts to upload malware into already-existing apps. Without two-factor authentication and strong password requirements in place, app developer accounts are more vulnerable to hacking. Credential leaks occasionally enable hackers to accomplish the majority of their goals by giving them access to important company development systems and accounts.

Moreover, depending on the developer, access to a Google Play account may cost as little as $60. Other, more useful accounts, resources, and services, however, have significantly greater costs.

For example, considering the power they hold, loaders — the software necessary to deploy malicious code into an Android app — can cost big bucks on the darknet markets, reaching a whopping $5,000 per instance.

A well-resourced criminal could well go with a premium package, like the source code for a loader. 

"You can do whatever you want with that — deploy it to as many apps as you want[…]You can modify the code as much as you want, adapting it to your needs. And the original developer of the code may even provide support, like updates for the code, and maybe new ways to bypass security measures," Kucherin explains.

How Can a Company Protect Itself from Google Play Threats 

The threats posed by malicious apps on Google Play are a cause of great concern to organizations, especially those with feeble enterprise security. Kucherin notes that many businesses still have lax bring-your-own-device arrangements in place, which extend the security perimeter outside of corporate networks and right into the hands of their employees.

"Say an employee installs a malicious app on the phone[…]If this app turns out to be a stealer, cybercriminals can get access to, for example, corporate emails or sensitive corporate data, then they can upload it to their servers and sell it on the Dark Web. Or even worse: An employee might keep their passwords in, for example, their phone's notes app. Then hackers can steal those notes and get access to corporate infrastructure," he explains. 

In order to prevent such severe outcomes, Kucherin suggests two simple precautionary measures: 

First, you can teach employees cyber-hygiene principles, such as not installing apps that are not trusted. However, this might not suffice, so "another thing you can do — though it's more expensive — is give your employees a separate phone, which they will use only for purposes of work. Those devices will contain a limited number of apps — just the essentials like email, phone, no other apps allowed," he adds.

Just as it is for the cybercriminals, you have to pay more to get more, he notes: "Using dedicated work devices is more effective, but more expensive."

Darknet Markets: Millions in Revenue Generated by Selling Stolen Personal Data

 

A recent research report by The Conversation demonstrates that, much like many legal commodities, stolen products are distributed via a supply chain that includes producers, wholesalers, and consumers. However, this supply chain links several criminal organizations operating in an illicit underground marketplace.

Producers, Wholesalers, and Distributors

This supply chain of compromised data begins with a producer, i.e. a hacker or a threat group, who gains unauthorized access to vulnerable systems and steals sensitive information. The stolen data may include credit card numbers, bank account information, Social Security numbers, etc.

Wholesalers and distributors then advertise the stolen data in order to trade it.

In the end, a consumer purchases the stolen data. The data is used to commit cybercrimes and scams such as fraudulent credit card transactions, identity theft, or phishing attacks.

This trade of stolen data between producers, wholesalers, and consumers is reportedly carried out in darknet markets, which are illicit websites posing as legitimate e-commerce websites, except that they are accessible only through a special browser or with authorization codes.

According to reports, several thousand sellers were found selling tens of thousands of stolen data products on just 30 darknet markets. Over an eight-month period, these data retailers generated a whopping $140 million or more in sales.

Darknet Markets

Darknet markets offer a platform for sellers to get in touch with potential customers and carry out transactions, much like any conventional e-commerce website. However, darknet markets are well-recognized for selling illegal products. Another significant distinction is the need for specialized software, such as the Tor (The Onion Router) browser, which offers security and anonymity to the user, in order to access darknet markets.

The renowned darknet market Silk Road came to light in 2011, apparently by combining Tor and bitcoin. The market was eventually seized in 2013, and its founder, Ross Ulbricht, was sentenced to two life sentences plus an additional 40 years of imprisonment without the chance of parole. The severe prison term given to Ulbricht did not have the anticipated deterrent impact. To fill the void, numerous markets developed, which led to a robust ecosystem that profited from stolen personal data.

Given the major role darknet markets play in trafficking stolen data, the study conducted the largest systematic examination of stolen data markets, in order to better comprehend the extent of the illegal darknet ecosystem. The study first identified 30 darknet markets that advertised stolen products.

The stolen data listings of these markets were then examined weekly for eight months, from September 1, 2020, through April 30, 2021. The information extracted from this scrutiny was used to determine the number of vendors trading the stolen products, the number of stolen data products advertised, the number of products sold, and the amount of revenue generated.

The study, after evaluating the ecosystem's overall characteristics, analyzed each market separately. In doing so, it was discovered that a small number of markets were responsible for selling the majority of the stolen data items. Apollon, WhiteHouse, and Agartha were the three biggest markets, accounting for 58% of all sellers. The total number of sales per market ranged from 0 to 237,512, and the number of listings ranged from 38 to 16,296. During the 35-week period, there were significant variations in each market's total revenue, which ranged from $0 to $91,582,216 for Agartha, the most successful of all the markets mentioned.

Darknet Stolen Data Marketplaces

The research done by The Conversation sheds light on the booming underground economy and illicit supply chains of stolen data that operate in the darknet markets. For as long as data continues to be stolen, there is a possibility of an upsurge of marketplaces to trade the stolen information.

While darknet markets cannot realistically be taken down directly, efforts to prevent the customers from utilizing the stolen data offer some hope. One way to do this is to apply advances in A.I. technology, which can provide law enforcement agencies, financial institutions, and others with the information required to prevent data from being stolen, or stolen data from being used for cybercrime activities.

This would further halt the flow of stolen data in supply chains, eventually disrupting the underground economy that is largely benefitting from your personal information.