Recently launched E-shop sells access to hundreds of hacked PayPal accounts


Relying largely on sophisticated, legitimate-looking phishing campaigns, alongside active data mining of a botnet’s infected population, today’s cybercriminals are in a perfect position to monetize these fraudulently obtained assets in the form of compromised accounts.

From compromised social networking accounts, to direct access to compromised servers and desktop PCs, the market segment has been steadily growing over the past couple of months.

In this post I’ll profile a newly launched cybercrime-friendly E-shop selling access to compromised accounts belonging primarily to PayPal users, but also to Apple, Walmart, eBay and Skype users.

More details:

Sample screenshot of the newly launched service selling hundreds of PayPal accounts:

Second screenshot offering a peek inside the cybercrime-friendly E-shop:

Third screenshot offering a peek inside the cybercrime-friendly E-shop:

Fourth screenshot offering a peek inside the cybercrime-friendly E-shop:

Just how dynamic is the market segment for selling compromised account details? Let’s assess this by going through the updates posted on behalf of the E-shop’s owner:

- 05:49:12 20/Sep/2012: Looking for reseller of ( RDP , CVV ) contact me via ICQ
- 05:48:17 20/Sep/2012: Update UK Paypal ( Mail | Balance )
- 05:47:43 20/Sep/2012: Update Fresh Apple Account with CC
- 19:55:46 12/Sep/2012: Update United Kingdom Paypal’s
- 19:55:16 12/Sep/2012: Update Walmart Account ( Bulk ) Fresh
- 19:54:47 12/Sep/2012: Update Ebays ( Bulk Account ) High Feedback
- 04:36:37 06/Sep/2012: Update UK Paypal
- 04:36:20 06/Sep/2012: Update Fresh Ebay Account
- 03:36:18 31/Aug/2012: Order for bulk open again , you can request account in a bulk ( ebay,walmart,skype,etc) Contact Icq
- 03:35:04 31/Aug/2012: Update ExtraMC ( Include ssn/dob/etc/mail access )
- 03:34:11 31/Aug/2012: Update US CC Valid rate 85-90%
- 03:33:49 31/Aug/2012: Update Ebay account with mail access
- 03:33:23 31/Aug/2012: Update 50 UK Paypals
- 15:17:30 28/Aug/2012: Well Fargo & Chase Log Available via [ICQ]
- 12:18:02 27/Aug/2012: Fresh USA administrator RDP only $4
- 23:23:19 20/Aug/2012: BillMeLater Available ( Full Info ) Contact ICQ
- 23:22:53 20/Aug/2012: Paypal SmartConnect ( Full info include Dob-SSN) Available ) Contact ICQ
- 21:40:51 17/Aug/2012: Update UK Paypal
- 12:24:48 15/Aug/2012: eBay Account ( Mail Access )
- 12:23:59 15/Aug/2012: Update UK Paypals ( Mail | Balance )
- 00:01:37 09/Aug/2012: Update eBay Account
- 00:01:20 09/Aug/2012: Update UK & US Paypal’s
- 00:00:48 09/Aug/2012: Update USA RDP
- 23:33:42 05/Aug/2012: Update USA CC’S 50
- 23:33:20 05/Aug/2012: Update Skype (Balance + Online number)
- 23:32:44 05/Aug/2012: Update RDP ( AU,US)
- 23:32:19 05/Aug/2012: Update Paypal Worldwide
- 23:31:59 05/Aug/2012: Update Paypal UK
- 17:44:35 04/Aug/2012: Changing New Host and Last site Backup is 31/07/2012
- 17:44:00 04/Aug/2012: Site Has been Ddosed by 1Gbps attack
- 17:43:25 04/Aug/2012: Sorry for the Down Time
- 17:27:16 30/Jul/2012: Update Fresh UK Paypal ( Mail Access )
- 17:26:40 30/Jul/2012: Update Worldwide Paypal
- 20:25:44 27/Jul/2012: Update Paypals ( Mail + Balance )
- 20:24:59 27/Jul/2012: Update Admin RDP USA
- 20:24:42 27/Jul/2012: Update Ebay Account
- 20:24:20 27/Jul/2012: Update Amazon Account
- 20:23:58 27/Jul/2012: Update BestBuy Account
- 20:23:44 27/Jul/2012: Update Apple Account
- 20:23:27 27/Jul/2012: Update Walmart
- 08:41:31 21/Jul/2012: Please Use Mozilla Firefox
- 21:54:04 19/Jul/2012: Update Account ( Overstock , Apple , Dell )
- 21:53:38 19/Jul/2012: Update CC’s * USA CANADA
- 21:53:14 19/Jul/2012: Update Walmart Account
- 21:52:59 19/Jul/2012: Update Paypals ( Mail Access )
- 19:00:31 17/Jul/2012: Update Ebay / Overstock
- 19:00:18 17/Jul/2012: Update CC’S
- 18:59:58 17/Jul/2012: Update Paypals
- 19:00:56 14/Jul/2012: Shop Back’s Online
- 18:32:24 24/Jun/2012: Reseller Welcome
- 18:31:53 24/Jun/2012: Update Ebay Account
- 18:31:41 24/Jun/2012: Update Walmart Bulk Account
- 18:31:21 24/Jun/2012: Update 150 US Paypal
- 16:10:42 20/Jun/2012: Update OverStock Account
- 16:10:23 20/Jun/2012: Update Overstock ( Bulk )
- 16:10:05 20/Jun/2012: Update Paypals UK / US
- 11:33:24 19/Jun/2012: Update 70 UK Paypal
- 11:32:41 19/Jun/2012: Good day , we are now provide new service for increase your followers and Likes , for more information contact our support ICQ
- 12:13:41 11/Jun/2012: For Bulk Ebay / Amazon / Mail Checked Kindly Contact our ICQ
- 12:13:10 11/Jun/2012: Please Download your purchased
- 12:12:26 11/Jun/2012: Register will closed Soon
- 12:11:17 11/Jun/2012: Update Verified Paypal + Mail + Balance
- 12:10:50 11/Jun/2012: Update Paypal Unverfied + Mail + Balance
- 12:10:27 11/Jun/2012: Update GoogleCheckout
- 12:10:05 11/Jun/2012: Update Ebay With Mail Acess

It’s pretty obvious that the E-shop’s owner is interested in retaining his customers by issuing periodic updates to the database consisting of compromised accounts obtained either through phishing campaigns, or through data mining a botnet’s infected population.
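To put numbers on the update cadence described above, this added example (not part of the original post) parses eight entries copied from the feed and reports the gaps between posting days and how often each asset type is mentioned. The keyword list and the function names are assumptions chosen for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Eight entries copied verbatim from the update feed quoted on this page.
FEED = """\
05:49:12 20/Sep/2012: Looking for reseller of ( RDP , CVV ) contact me via ICQ
05:48:17 20/Sep/2012: Update UK Paypal ( Mail | Balance )
19:55:16 12/Sep/2012: Update Walmart Account ( Bulk ) Fresh
19:54:47 12/Sep/2012: Update Ebays ( Bulk Account ) High Feedback
04:36:37 06/Sep/2012: Update UK Paypal
04:36:20 06/Sep/2012: Update Fresh Ebay Account
03:33:23 31/Aug/2012: Update 50 UK Paypals
12:18:02 27/Aug/2012: Fresh USA administrator RDP only $4
"""

ENTRY = re.compile(r"^(\d\d):(\d\d):(\d\d) (\d\d)/([A-Z][a-z]{2})/(\d{4}): (.+)$")
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# Analyst-chosen keywords (an assumption); prefix match catches "Paypals", "Ebays".
BRAND = re.compile(r"\b(paypal|ebay|apple|walmart|skype|rdp)", re.I)

def parse_feed(text):
    """Return [(datetime, message)], oldest first; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip().lstrip("- "))
        if not m:
            continue
        hh, mm, ss, day, mon, year, msg = m.groups()
        try:
            ts = datetime(int(year), MONTHS.index(mon) + 1, int(day), int(hh), int(mm), int(ss))
        except ValueError:
            continue  # unknown month name or impossible date/time
        entries.append((ts, msg))
    return sorted(entries)

def posting_gaps(entries):
    """Days between consecutive distinct posting dates."""
    days = sorted({ts.date() for ts, _ in entries})
    return [(b - a).days for a, b in zip(days, days[1:])]

def brand_counts(entries):
    """Number of entries that mention each tracked brand or asset type."""
    return Counter(b for _, msg in entries
                   for b in {x.lower() for x in BRAND.findall(msg)})

if __name__ == "__main__":
    e = parse_feed(FEED)
    print(len(e), "entries; gaps (days):", posting_gaps(e), brand_counts(e).most_common())
```

Run over the full feed, the same functions give a per-brand restock count and the longest quiet period, which is a quick way to compare one shop's activity against another's.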

We’ll continue monitoring the development of the service.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.



About the Author

Name: Dancho Danchev
Role: Contributing Threat Researcher

Dancho Danchev is an internationally recognized security blogger, cybercrime researcher, and a public speaker. He’s been an active security blogger since 2006, maintaining a popular security blog, where he shares detailed analyses of tactics, techniques, and procedures (TTP) of malicious and fraudulent adversaries.

You can find out more about Dancho’s expertise and experience at his LinkedIn Profile, or at Wikipedia.

You can also follow him on Twitter, Google+ or Facebook.

