A threat actor is promoting a new criminal carding marketplace by releasing one million credit cards stolen between 2018 and 2019 on hacking forums. Carding is the trafficking and use of stolen credit cards. These credit cards are stolen through point-of-sale malware, magecart attacks on websites, and information stealing trojans. Threat actors then sell the cards on criminal carding marketplaces where other threat actors purchase them to make online purchases, or more commonly, to buy hard-to-trace prepaid gift cards. Last week, a new criminal carding marketplace called AllWorld Cards posted to numerous hacking forums where they leaked one million credit cards for free. According to the forum post, these credit cards were stolen between 2018 and 2019. The threat actor states that a random sampling of 98 cards showed approximately 27% of the cards were still active. However, a report by Italian security firm D3Labs shows that 50% are still valid, a far more significant amount than initially indicated. “At present, the feedback returned to our analysis team is still limited, but they are showing an incidence close to 50% of cards still operational, not yet identified as compromised,” reported D3Lab in a blog post about the leak. Cybersecurity firm Cyble analyzed the credit card dump and told reporters the leak contains credit card numbers, expiration dates, CVVs, names, countries, states, cities, addresses, zip codes for each credit card, and email/phone numbers. While Cyble has only analyzed 400,000 cards so far, the top five associated banks are State Bank of India, JPMorgan Chase Bank, BBVA Bancomer, The Toronto Dominion Bank, and Poste Italiane.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased