Dark Web Alerts: Xeno RAT, OneCard Data, and Israeli Credit Cards
Recent findings by SOCRadar’s Dark Web Team reveal a surge in cyber threats in hacker forums, including the release of Xeno RAT, a powerful remote access tool with extensive control features. Additionally, an alleged breach involving OneCard has exposed sensitive customer onboarding and KYC data, while a database of 1.7 million Israeli credit cards is up for sale. Further discoveries include an alleged database containing 3 million Hong Kong ID records, highlighting the growing scale of personal data leaks on Dark Web platforms.
Alleged Share of Xeno RAT
SOCRadar Dark Web Team detected a post on a hacker forum announcing the release of a remote access tool (RAT) named Xeno RAT. The threat actor claims that Xeno RAT is an open-source RAT developed in C# and designed for Windows 10 and 11, offering extensive remote access capabilities.
According to the threat actor’s claims, Xeno RAT includes features such as Hidden Virtual Network Computing (HVNC), real-time microphone access, a Socks5 reverse proxy, and frequent updates. Additional functionalities include keylogging, webcam access, screen control, process management, file management, and various interactive features like chat, bluescreen triggering, and message box creation.
Alleged Data of OneCard Are on Sale
SOCRadar Dark Web Team detected a post on a hacker forum where a threat actor shared details about data allegedly linked to OneCard, a financial services company in India. The threat actor claims the breach originated from a third-party onboarding company, resulting in the exposure of over 1TB of sensitive customer onboarding and Know Your Customer (KYC) data affecting multiple financial firms in India.
The threat actor asserts that 266GB of the exposed data pertains to OneCard. This dataset reportedly includes 451,000 files in formats such as .PNG, .MP4, and PowerPoint presentations, along with nine .json files containing additional information. The threat actor claims that after receiving no response from OneCard, they decided to offer the data for sale.
1.7 Million Israeli Credit Cards Are on Sale
SOCRadar Dark Web Team detected a post on a hacker forum advertising the sale of an alleged database containing 1.7 million Israeli credit cards. According to the threat actor, the database includes cardholder names, ID numbers, card numbers, expiration dates, CVV codes, card types, and phone numbers.
Alleged Database of Census with 3 Million Hong Kong ID Records Is on Sale
SOCRadar Dark Web Team detected a post on a hacker forum advertising the sale of an alleged database. The threat actor claims that the database contains information from Hong Kong ID cards, comprising a total of 3 million entries. The data reportedly includes phone numbers, Chinese and English names, ID card numbers, and both Chinese and English addresses.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible: it is time-consuming and challenging, and a single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by the targeted country or industry.