The Week in Dark Web – 5 December 2022 – Malware Sales and Data Leaks
Powered by DarkMirror™
Sales of new services drew the most attention in hacker chatter last week. These tools, which threat actors can use in future attacks, show that the cybercrime ecosystem is evolving.
Leaks affecting leading e-commerce and social media networks also stand out.
Here’s what happened on the dark web last week.
Data of LinkedIn Users from the U.S. are Leaked
On 29 November, SOCRadar found a post about a LinkedIn database that includes U.S. users. The data was sorted out of another leak file and consists of 50 different files, each corresponding to a state in the U.S. The leak contains personally identifiable information (PII).
A New Bypass Tool for Threat Actors is for Sale
The SOCRadar Dark Web team has discovered a sale post on a hacker forum for an improved version of a MaaS (Malware-as-a-Service) offering that can mask harmful payloads in different formats, icons, and extensions. According to the post, the malware exploits CVE-2022-34713, a Microsoft vulnerability patched on 9 August 2022. Because a patch is available, updating your devices is highly advised. The cost of the MaaS is €1900 for a month, €3400 for two months, and €5000 for lifetime use. Furthermore, the vendor offers tutorial videos and support services.
A Stealer is Shared for Public Use
On 28 November, the SOCRadar Dark Web team detected a post on the dark web that makes stealer malware available to all users. The post promotes the stealer's automation, UI, and speed features, and its creator also announced that they need a collaborator skilled in programming.
Database of Twitter is Spotted
The SOCRadar Dark Web team detected the data of 5.4 million Twitter users on a Telegram channel on 28 November. Since July, sales of this Twitter user data have been encountered several times. This time, however, SOCRadar found that the database was leaked for free.
A Remote Access Tool (RAT) for Sale
A SOCRadar Dark Web researcher has found an updated version of the S-500 remote access tool (RAT) for sale in a forum post. According to the vendor, this RAT is the most used tool in the market. The vendor also claims to be one of the owners of the RAT malware.
Database of eBay is for Sale
On 28 November, SOCRadar found a database of about 5M eBay users in the U.S. for sale on a Telegram channel. The only known information about the database is that it contains the PII of the victims. The vendor shares a sample and invites buyers to DM.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible: it is time-consuming and challenging, and one mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by the targeted country or industry.