Instagram Ban Bypass, AI Identity Forgery, and Nova Ransomware Affiliate Drive
SOCRadar’s Dark Web Team has uncovered another round of cybercriminal activity across underground forums. This week’s findings include an alleged affiliate program for the Nova ransomware service, the sale of deepfake tools designed for identity manipulation, and newly leaked credit card and SIM registration databases. Threat actors are also offering services to reverse Instagram bans, highlighting the growing commoditization of platform abuse.
Receive a Free Dark Web Report for Your Organization:
Alleged 180K Credit Cards Belonging to the United States are on Sale

SOCRadar detected a post advertising an alleged database of 180,000 U.S. credit cards. The threat actor stated that the data includes partial records rather than full card details and invited interested parties to request pricing and more information through Telegram.
Alleged SIM Card Registration Data of Indonesia are on Sale

SOCRadar detected a post offering alleged SIM card registration data from Indonesia. The data allegedly contains over 1 million records in TXT format, including national ID numbers, phone numbers, telecom providers, and registration dates. The data is listed at $200, with escrow accepted and Telegram provided as the contact method.
Alleged AI Deepfake Tool is on Sale

SOCRadar detected a post advertising an alleged AI-powered deepfake toolkit for sale. The tool claims to offer capabilities such as synthetic identity creation, deepfake video and audio generation, voice cloning, forged document production, and virtual camera integration to bypass liveness detection. Contact is provided through Session and Telegram for potential buyers.
A Partnership Program of Nova Ransomware Service is Detected

SOCRadar detected a post promoting an alleged affiliate program for the Nova ransomware. The offering includes access to a control panel, custom ransomware builders, encrypted communication tools, and support for multiple operating systems including Windows, Linux, and VMware ESXi. Entry into the program requires a $220 fee, with a 10% commission on decryption transactions. A free tier is offered for affiliates who provide access to at least five corporate networks weekly. The post outlines training, customization options, and rules excluding attacks on Russian and Palestinian governments or non-profits.
Instagram Ban Service is Detected

SOCRadar detected a post offering an alleged Instagram unban service targeting permanently suspended accounts. The service claims to restore access within minutes for permanent bans and a few days for standard cases, with prices ranging from $600 to $2,000. Recovery is advertised for various ban reasons, including policy violations, impersonation, and harmful content. The actor requests account details, linked email, follower count, and a screenshot of the ban message.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.
