A dump of 100s of 1,000s of active accounts is aimed at promoting ‘All World Cards’, a recently launched cyber-criminal site for selling payment credentials online.
Threat players have leaked 1m stolen credit cards for free online as a way to promote a fairly new & increasingly popular cyber-criminal site dedicated to…selling payment-card credentials.
Routine Monitoring
Researchers from threat intelligence firm Cyble noticed the leak of the payment-card data during a “routine monitoring of cyber-crime & Dark Web marketplaces,” researchers stated in a post published over the weekend. The cards were published on an underground card-selling market, ‘All World Cards’, & stolen between 2018 & 2019, according to info posted on the forum.
The leaked credit cards include the following fields: Credit-card number, expiration date, CVV, name, country, state, city, address, US ZIP code, email & phone number, according to threat players.
New Player
‘All World Cards’ appears to be a relatively new player to the market for selling stolen credit-card data on the Dark Web, according to Cyble. “Our analysis suggests that this market has been around since May 2021 & is available on a Tor channel as well,” according to the post.
The black market for stolen credit cards is a huge illegal business, with cyber-criminals getting their hands on card data in different ways.
Point-of-sale card skimmers, targeted Magecart attacks on websites & info-stealing trojans are among their top tools for stealing credit-card data.
Compromised Cards
In the last 6 months of 2020 alone, threat players offered more than 45m compromised cards for sale in underground credit-card markets monitored by security firm Cybersixgill, the company outlined in a report.
These cards are then used by cyber-criminals to make online purchases, including buying gift cards, that are hard to track back to them.
How Many Cards Are Active?
The perpetrators of All World Cards began selling their cyber-criminal services on carding sites in early June, seemingly to develop new business, researchers from Italian firm D3 Lab noted in a separate blog post detailing the leak, published last Fri.
“It is conceivable that the data was shared for free to entice other criminal actors to frequent their site…by purchasing additional stolen data from unsuspecting victims,” explains the post.
There is some uncertainty about how many of the cards are actually still active & available for cyber-criminals to use. Cyble researchers noted that threat players claimed that 27%, according to a random sampling of 98 cards, are still active & can be used for illegal purchasing.
Still Operational
However, according to D3 Lab’s own analysis—which involved sending the credit-card numbers to client banks “to carry out the appropriate mitigation actions” — researchers found that closer to 50% of the cards are “still operational, not yet identified as compromised,” they stated.
Cyble posted a list of the top 500 banks affected by the leak of stolen credit cards in descending order. Of the banks, 72,937 of the cards were associated the State Bank of India; 38,010 with Banco Santander (Brazil); 30480 with a US bank based in Ohio called Sutton Bank; 27,441 with JP Morgan Chase Bank N.A.; & 24,307 with BBVA Bancomer S.A., a bank based in Mexico.
https://www.cybernewsgroup.co.uk/virtual-conference-september-2021/
