
DarkGPT, Chrome 0-Day Exploit, and Financial Data Sales Detected on Dark Web
Dark Web forums remain active with concerning developments, as SOCRadar’s Dark Web Team identifies new threats this week targeting financial institutions, browser security, and AI misuse. Highlights include an alleged sale of credit card data linked to U.S. citizens, a claimed 0-day exploit affecting Chrome on Android, and the emergence of a Telegram-based chatbot, DarkGPT, marketed for malicious purposes. Another post advertises a dataset purportedly connected to a major U.S. bank, raising additional concerns over data exposure and identity fraud.
Alleged 450K Credit Cards Belonging to U.S. Citizens Are on Sale
SOCRadar has identified a hacker forum post advertising the sale of 450,000 allegedly stolen credit card records belonging to U.S. citizens. The threat actor claims the data includes full card details with CVV codes and was obtained via personal email spam campaigns. Expiration dates range from 2021 to 2030, with over 220,000 cards expiring in 2026 or later. The sale starts at $22,000, with a $2,000 bidding step and an instant buy price of $30,000. Forum escrow is supported, and the listing includes the label “PPS/36/h,” which may indicate pricing or delivery format.
Alleged 0-Day RCE Exploit of Chrome is on Sale
SOCRadar Dark Web Team has identified a new post advertising an alleged 0-day Remote Code Execution (RCE) exploit targeting the Chrome browser on Android devices. Labeled as a “Chrome RCE Full Chain Exploit,” the listing claims full compatibility with the latest Chrome versions on Android 15 and below. The exploit is said to deliver its payload via a one-click method, granting full root access (UID 0) along with kernel memory read/write capabilities. The seller highlights 100% success in 30 test runs, sub-two-second execution time, and no visible browser crashes, suggesting high stealth and reliability. Proof-of-concept material and further details are offered upon direct contact via Telegram.
New Telegram AI Tool DarkGPT is on Sale
SOCRadar has identified a new Dark Web post advertising a Telegram-based AI tool named DarkGPT, described by the threat actor as an “evil AI” designed to operate without ethical safeguards. DarkGPT is capable of generating illegal information, phishing emails, malicious code, and fake news, and of planning social engineering attacks, all in multiple languages.
The threat actor is also offering the source code, which allows full administrative control, lifetime access, and the ability to host the bot on any VPS or terminal. The tool features both user and admin panels and stores all conversations locally to continuously train its language model. Access is priced at $25 for one month or $150 for full source code rights. Payments are accepted in cryptocurrency, with contact provided via Telegram. The tool is text-only and does not support images or audio.
Alleged Database of U.S. Bank is on Sale
SOCRadar has identified a new Dark Web post advertising the alleged sale of a large database associated with U.S. Bank. Operated by U.S. Bancorp, this American multinational financial services firm is headquartered in Minneapolis, Minnesota and incorporated in Delaware. The threat actor claims the dataset spans 2024–2025, is available in CSV format, and requires a minimum purchase of 1 million records from a total pool of 31 million.
According to the post, the database contains extensive personally identifiable and financial information, including names, addresses, emails, dates of birth, IP addresses, Social Security numbers, driver’s license details, military status, employment and income data, and banking information such as account numbers and ABA routing codes. Interested buyers are directed to contact the threat actor via Telegram.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring every source is simply not feasible: it is time-consuming and challenging, and a single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen lets your SOC team follow the latest posts of threat actors and groups, filtered by targeted country or industry.