Joker’s Stash is known as the Internet’s most popular “carding shop” for criminals to buy and sell stolen credit cards. Group-IB recently discovered 1.3 million payment card details up for sale on the site. “More than 98% belong to Indian banks, 1% to Colombian, and more than 18% of the 550K cards that have been analyzed so far belong to a single Indian bank,” stated Group-IB. The cards are being sold for around $100 per card, setting the criminals up to make a hefty profit of around $130 million if all of the cards are sold. Since the information is fresh, researchers from Group-IB have not yet been able to determine the source of a possible breach that the information may have come from. However, there have been some early examinations that suggest the information may have come from skimming devices that were installed on PoS (Point-of-Sale) systems or ATMs. Track 1 and Track 2 data which is typically located on a credit or debit card’s magnetic strip was found with the payment cards, ruling out a Magecart attack because these are carried out with e-skimmers installed on e-commerce websites, whereas Track 1 and Track 2 data isn’t seen. Furthermore, there are multiple banks that the cards come from, leaving out the chance of just one bank’s ATM system being compromised. This is one of the largest dumps that has been seen this year and all of the cards were placed on the site at the same time. This means that the threat actor group responsible for the dump is likely trying to sell as many cards as they can before banks take defensive anti-fraud measures to block the use of the cards to make purchases.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in