Get Your Free Report
Start for Free
SOCRadar® Cyber Intelligence Inc. | Italian Credit Cards, Jazeera Passenger Database, and New Decentralized Botnet Loader
Oct 27, 2025
4 Mins Read
Moon

Italian Credit Cards, Jazeera Passenger Database, and New Decentralized Botnet Loader

SOCRadar’s Dark Web Team spotted multiple underground listings this week, including auctions for Italian credit cards, a passenger dump from Jazeera Airways, and a Vidal Health dataset. Actors also offered a decentralized blockchain-backed botnet loader and KYC/sale services. While these posts lack independent proof, they raise risks for financial fraud, identity theft, and resilient botnet campaigns if verified.

Receive a Free Dark Web Report for Your Organization:

Alleged 300 Credit Cards Belonging to Italy are on Sale

Alleged 300 Credit Cards Belonging to Italy are on Sale

SOCRadar Dark Web Team identified a forum post alleging the sale of 300 credit cards said to belong to Italy. The threat actor claims the data were obtained through a sniffer and asserts a validity rate exceeding 80 percent. The post specifies a starting price of 1000, a bidding step of 100, a blitz price (immediate purchase option) of 1500, and an auction period ending 12 hours after the last bid.

All information is based on the threat actor’s statements. No independent verification or card samples were shared in the post. If accurate, this offer may represent a significant financial threat to Italian cardholders and payment institutions.

Alleged Passengers Database of Jazeera Airways is on Sale

Alleged Passengers Database of Jazeera Airways is on Sale

SOCRadar Dark Web Team identified a forum post alleging the sale of a passenger database belonging to the Kuwaiti airline Jazeera Airways. The threat actor claims a first-time breach involving 15 million passenger records collected between 2020 and 2023. The post states that newer data from 2023 to 2025 are not included in the sale. The actor offers the database for 2,500 dollars in Monero (XMR) and adds a deletion option for 5,000 dollars in the same currency.

Alleged Database of Vidal Health Insurance TPA Services is on Sale

Alleged Database of Vidal Health Insurance TPA Services is on Sale

SOCRadar Dark Web Team identified a forum post alleging the sale of a large database belonging to Vidal Health Insurance TPA Pvt. Ltd, an India-based third-party administrator. The actor claims the database contains 472 GB of data across 326,865 files and lists the dump date as October 2025. The post prices the dataset at 3,000 dollars and provides multiple contact options through encrypted messaging platforms, including Session, Signal, and Telegram.

New Decentralized Botnet Loader Sale is Detected

New Decentralized Botnet Loader Sale is Detected

SOCRadar Dark Web Team identified a forum post allegedly offering a decentralized botnet loader for sale at 200 dollars, with contact via a Telegram link. The threat actor claims the loader uses smart contracts to store encrypted commands and that only a holder of the private key can manage those commands. According to the post, bots poll multiple RPC networks and check at least three servers to verify command origin, enabling command delivery to all online bots within two to three minutes.

The actor says commands stored on the blockchain are immutable unless edited by the key holder, removing the need for domains or central servers and making takedown difficult. The listing advertises a native C++ build, anti-VM checks, autorun persistence, the ability to run exe, ps1 and cmd files, DLL injection, parent process ID spoofing, HWID-targeting, HTTP GET tasks with bot HWID user agents, and support for loading stealers, RATs, miners, clippers, and stat collectors.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.