Android RCE, CRM Breach, Axiom Crypto Drainer, and Airbus Panel Interest
SOCRadar Dark Web Team has uncovered multiple high-impact listings in underground forums, indicating continued targeting of software platforms and critical industries. Among the posts, a threat actor claims to sell a remote code execution exploit for Android at a staggering $600,000. Another advertisement offers unauthorized access to a CRM system allegedly connected to 18 companies across North America and the UK, exposing millions of customer records. Additional activity includes an actor seeking Airbus web panel access for aircraft manuals and a custom crypto drainer tool tailored to exploit the Axiom platform.
Alleged Sale of an RCE Exploit for Android is Detected

SOCRadar Dark Web Team identified a forum post where a threat actor claimed to sell an alleged remote code execution (RCE) exploit for Android. The post listed the price as 600,000 USD and limited contact to private messages. The threat actor did not share technical details and no proof has been provided so far.
Alleged Unauthorized CRM Access Sale is Detected for a CRM Software Company

SOCRadar Dark Web Team identified a forum post where a threat actor advertised the sale of unauthorized access to a CRM platform allegedly managing data for 18 companies across the United States, Canada, and the United Kingdom. The access was claimed to provide visibility into over 17 million customer records with real-time updates of more than 20,000 new entries per day. Functions described included starting new customer service calls, as well as viewing, editing, and deleting orders and customer data. The threat actor stated the access did not include an email-sending feature and listed the price as $30,000.
Panel Access Purchasing Announcement is Detected for Airbus

SOCRadar Dark Web Team identified a forum post where a threat actor announced interest in purchasing access to an Airbus web panel. The post specifically sought accounts providing access to A320 and A330 aircraft manuals, noting that the legitimate annual subscription cost is approximately $20,000.
Alleged Crypto Drainer Tool Sale is Detected for Axiom

SOCRadar Dark Web Team identified a forum post where a threat actor advertised the sale of a crypto drainer tool allegedly designed to target the Axiom trading platform. The offer included a user interface, a website guide, full JavaScript source code, and complete server setup files, with contact directed through Telegram. The activity is notable as it shows the development of drainers specifically tailored to exploit legitimate trading platforms, increasing the risk for users of Axiom.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring every source is time-consuming and challenging, and often simply not feasible. A single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by targeted country or industry.
