Dark Web Offers Exploits, AT&T Access, Ledger Scam Kit, and 100K Stolen Cards
SOCRadar’s Dark Web Team has identified a new wave of underground activity involving high-value exploits, access, and data leaks. Threat actors are advertising an alleged Android 0-day affecting versions 11 through 15, persistent unauthorized access to AT&T’s core infrastructure, and a dump of over 100,000 credit cards from multiple countries. Additionally, a new scam page targeting Ledger wallet users has been leaked, suggesting broader phishing campaigns targeting the crypto community.
Alleged 100K Credit Cards from Several Countries Are on Sale

SOCRadar Dark Web Team detected a new dark web post advertising the sale of over 100,000 alleged credit cards from multiple countries. The listing claims to include payment card data from the United States, United Kingdom, France, and Canada. According to the threat actor, the dataset contains sensitive details such as credit card numbers, expiration dates, CVV codes, addresses, ZIP codes, emails, and phone numbers. A sample table of partially redacted entries was provided as evidence of the dump's authenticity. The threat actor priced the entire package at $2,000, accepting payments exclusively in Monero and Bitcoin. The seller included a Session ID and a QTOX contact and stated that they do not use Telegram for communication.
Alleged Ledger Scam Page Is Leaked

SOCRadar Dark Web Team detected a new dark web post sharing an alleged scam page targeting Ledger users. Ledger is a France-based company known for manufacturing hardware wallets, such as Ledger Nano S and Nano X, designed to securely store cryptocurrency private keys offline.
In this case, the post advertises a “Ledger Wallet 2025 Smart Scampage Inferno Multichain,” which mimics the official Ledger interface. According to the description, the kit features a redesigned 2025 UI inspired by Ledger, anti-bot protection mechanisms, responsive design for both desktop and mobile, and seed phrase capture functionality. The threat actor describes the tool as lightweight and for “educational purpose” only, though the intent appears fraudulent. A download link was provided via an anonymized file-sharing service, and the actor invited direct messages for further information.
Alleged Unauthorized Access to AT&T Is Detected for Sale

SOCRadar Dark Web Team detected a new dark web post offering alleged unauthorized access to AT&T’s infrastructure. The threat actor claims to have established persistent access within AT&T’s Tier 1 infrastructure, maintaining a custom load in the core systems for more than three weeks without triggering alerts. According to the post, the actor allegedly has visibility over more than 24 million active subscribers, with the ability to interact at a full read/write level and real-time synchronization. A proof screenshot was included, and the access is being advertised for sale at $100,000, payable exclusively in Bitcoin.
Alleged Android 0-Day Exploit Is on Sale

SOCRadar Dark Web Team has identified a new dark web post advertising an alleged zero-day exploit targeting Android devices. According to the threat actor, the vulnerability resides in the Android MMS parser and impacts Android versions 11 through 15 on ARM (32/64-bit) architectures. The bug is classified as memory corruption and is presented as part of a comprehensive exploit chain, enabling remote code execution (RCE), full privilege escalation to root (uid=0), and sandbox escape. The actor emphasizes the exploit’s stealth characteristics, noting that it requires no user interaction and does not generate any crash indicators.
Powered by DarkMirror™
Visibility into deep and dark web threats is valuable for actionable threat intelligence and digital risk protection. However, monitoring every source is not feasible: it is time-consuming and challenging, and a single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen lets your SOC team follow the latest posts of threat actors and groups, filtered by targeted country or industry.
