Threat Watch

MagBo Black Market is the Landing Zone for Breached Websites

In a recent finding, a new marketplace has been found to have obtained 3,000 websites that were part of a large breach. These websites contain critical information and give a way for attackers to commence a multitude of malicious operations. The MagPo site is primarily Russian-speaking and advertisements were seen as early as March. Operations of this kind are a growing trend and activities such as spam campaigns, fraud, cryptocurrency mining, net penetration, and credit-sniffing script installs are carried out through the breached websites that are for sale. A good number of the sites are e-commerce, but it has also been reported that healthcare, legal, education, insurance, and government sites were also found on MagPo with hosting services in Russia, Germany, and the U.S. Although victims have been notified, the actual domains could not be released for public information due to the ongoing investigation. The price range runs from 50 cents all the way to $1000, and those numbers are calculated through a ranking system with parameters likes “average visits per day” and the host country. MagPo also peddles stolen photocopies of national documents for identity fraud, breached payment-wallet access, compromised social-media accounts and Bitcoin mixer or tumbler services.