October 12, 2012Dancho Danchev By Dancho Danchev

Recently launched E-shop sells access to hundreds of hacked PayPal accounts

Largely relying on sophisticated and legitimate-looking phishing campaigns, next to active data mining of a botnet’s infected population, today’s cybercriminals are in a perfect position to monetize these fraudulently obtained assets in the form of compromised accounts.

From compromised social networking accounts, to direct access to compromised servers and desktop PCs, the market segment has been steadily growing over the past couple of months.

In this post I’ll profile a newly launched cybercrime-friendly E-shop selling access to compromised accounts belonging primarily to PayPal users, but also, compromised accounts belonging to Apple, Walmart, Ebay and Skype users.

More details:

Sample screenshot of the newly launched service selling hundreds of PayPal accounts:

Second screenshot offering a peek inside the the cybercrime-friendly E-shop:

Third screenshot offering a peek inside the the cybercrime-friendly E-shop:

Fourth screenshot offering a peek inside the the cybercrime-friendly E-shop:

Just how dynamic is the market segment for selling compromised accounting details? Let’s assess this by going through the updates posted on behalf of the E-shop’s owner:

– 05:49:12 20/Sep/2012: Looking for reseller of ( RDP , CVV ) contact me via ICQ
– 05:48:17 20/Sep/2012: Update UK Paypal ( Mail | Balance )
– 05:47:43 20/Sep/2012: Update Fresh Apple Account with CC
– 19:55:46 12/Sep/2012: Update United Kingdom Paypal’s
– 19:55:16 12/Sep/2012: Update Walmart Account ( Bulk ) Fresh
– 19:54:47 12/Sep/2012: Update Ebays ( Bulk Account ) High Feedback
– 04:36:37 06/Sep/2012: Update UK Paypal
– 04:36:20 06/Sep/2012: Update Fresh Ebay Account
– 03:36:18 31/Aug/2012: Order for bulk open again , you can request account in a bulk ( ebay,walmart,skype,etc) Contact Icq
– 03:35:04 31/Aug/2012: Update ExtraMC ( Include ssn/dob/etc/mail access )
– 03:34:11 31/Aug/2012: Update US CC Valid rate 85-90%
– 03:33:49 31/Aug/2012: Update Ebay account with mail access
– 03:33:23 31/Aug/2012: Update 50 UK Paypals
– 15:17:30 28/Aug/2012: Well Fargo & Chase Log Available via [ICQ]
– 12:18:02 27/Aug/2012: Fresh USA administrator RDP only $4
– 23:23:19 20/Aug/2012: BillMeLater Available ( Full Info ) Contact ICQ
– 23:22:53 20/Aug/2012: Paypal SmartConnect ( Full info include Dob-SSN) Available ) Contact ICQ
– 21:40:51 17/Aug/2012: Update UK Paypal
– 12:24:48 15/Aug/2012: eBay Account ( Mail Access )
– 12:23:59 15/Aug/2012: Update UK Paypals ( Mail | Balance )
– 00:01:37 09/Aug/2012: Update eBay Account
– 00:01:20 09/Aug/2012: Update UK & US Paypal’s
– 00:00:48 09/Aug/2012: Update USA RDP
– 23:33:42 05/Aug/2012: Update USA CC’S 50
– 23:33:20 05/Aug/2012: Update Skype (Balance + Online number)
– 23:32:44 05/Aug/2012: Update RDP ( AU,US)
– 23:32:19 05/Aug/2012: Update Paypal Worldwide
– 23:31:59 05/Aug/2012: Update Paypal UK
– 17:44:35 04/Aug/2012: Changing New Host and Last site Backup is 31/07/2012
– 17:44:00 04/Aug/2012: Site Has been Ddosed by 1Gbps attack
– 17:43:25 04/Aug/2012: Sorry for the Down Time
– 17:27:16 30/Jul/2012: Update Fresh UK Paypal ( Mail Access )
– 17:26:40 30/Jul/2012: Update Worldwide Paypal
– 20:25:44 27/Jul/2012: Update Paypals ( Mail + Balance )
– 20:24:59 27/Jul/2012: Update Admin RDP USA
– 20:24:42 27/Jul/2012: Update Ebay Account
– 20:24:20 27/Jul/2012: Update Amazon Account
– 20:23:58 27/Jul/2012: Update BestBuy Account
– 20:23:44 27/Jul/2012: Update Apple Account
– 20:23:27 27/Jul/2012: Update Walmart
– 08:41:31 21/Jul/2012: Please Use Mozilla Firefox
– 21:54:04 19/Jul/2012: Update Account ( Overstock , Apple , Dell )
– 21:53:38 19/Jul/2012: Update CC’s * USA CANADA
– 21:53:14 19/Jul/2012: Update Walmart Account
– 21:52:59 19/Jul/2012: Update Paypals ( Mail Access )
– 19:00:31 17/Jul/2012: Update Ebay / Overstock
– 19:00:18 17/Jul/2012: Update CC’S
– 18:59:58 17/Jul/2012: Update Paypals
– 19:00:56 14/Jul/2012: Shop Back’s Online
– 18:32:24 24/Jun/2012: Reseller Welcome
– 18:31:53 24/Jun/2012: Update Ebay Account
– 18:31:41 24/Jun/2012: Update Walmart Bulk Account
– 18:31:21 24/Jun/2012: Update 150 US Paypal
– 16:10:42 20/Jun/2012: Update OverStock Account
– 16:10:23 20/Jun/2012: Update Overstock ( Bulk )
– 16:10:05 20/Jun/2012: Update Paypals UK / US
– 11:33:24 19/Jun/2012: Update 70 UK Paypal
– 11:32:41 19/Jun/2012: Good day , we are now provide new service for increase your followers and Likes , for more information contact our support ICQ
– 12:13:41 11/Jun/2012: For Bulk Ebay / Amazon / Mail Checked Kindly Contact our ICQ
– 12:13:10 11/Jun/2012: Please Download your purchased
– 12:12:26 11/Jun/2012: Register will closed Soon
– 12:11:17 11/Jun/2012: Update Verified Paypal + Mail + Balance
– 12:10:50 11/Jun/2012: Update Paypal Unverfied + Mail + Balance
– 12:10:27 11/Jun/2012: Update GoogleCheckout
– 12:10:05 11/Jun/2012: Update Ebay With Mail Acess

It’s pretty obvious that the E-shop’s owner is interested in retaining his customers by issuing periodic updates to the database consisting of compromised accounts obtained either through phishing campaigns, or through data mining a botnet’s infected population.

We’ll continue monitoring the development of the service.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

Share Button

13 Responses to Recently launched E-shop sells access to hundreds of hacked PayPal accounts

  1. Pingback: Un site e-commerce pirate belge vend des accès à des comptes PayPal piratés | UnderNews

  2. Pingback: ‘PayPal Account Modified’ themed emails lead to Black Hole Exploit Kit « Webroot Threat Blog – Internet Security Threat Updates from Around the World

  3. Pingback: A peek inside a boutique cybercrime-friendly E-shop – part five « Webroot Threat Blog – Internet Security Threat Updates from Around the World

  4. Pingback: Cybercriminals entice potential cybercriminals into purchasing bogus credit cards data « Webroot Threat Blog – Internet Security Threat Updates from Around the World

  5. Pingback: A peek inside a boutique cybercrime-friendly E-shop – part six « Webroot Threat Blog – Internet Security Threat Updates from Around the World

  6. Pingback: New underground E-shop offers access to hundreds of hacked PayPal accounts | Webroot Threat Blog - Internet Security Threat Updates from Around the World

  7. Pingback: 1.500 cuentas de Paypal hackeadas y vendidas clandestinamente

  8. Pingback: 1.500 cuentas de Paypal hackeadas y vendidas clandestinamente | Where Is My Software

  9. Pingback: Hacker cria site que vende contas do PayPal - Tech Creative

  10. Pingback: 1500 CUENTAS DE PAYPAL HACKEADAS Y VENDIDAS CLANDESTINAMENTE | SR HADDEN CONSULTING GROUP

  11. Pingback: Cybercrime-friendly service offers access to tens of thousands of compromised accounts | Webroot Threat Blog - Internet Security Threat Updates from Around the World

Leave a Reply

Your email address will not be published. Required fields are marked *

true