Friday, October 4, 2024
Homecyber securityHackers Selling $2 Million Worth South Korean & US Payment Card Details...

Hackers Selling $2 Million Worth South Korean & US Payment Card Details in The Underground Darknet Market

Published on

Researchers detected a dump containing details for nearly 400,000 payment card records uploaded to a popular darknet card shop on April 9. 

The database was comprised almost entirely of the payment records related to banks and financial organizations in South Korea and the US.

“During cardshop monitoring our Threat Intelligence system has detected a database under the name “SCARFACE-DISCOUNT-SALE-5USD (fresh skimmeD): USA (STATES MIX + few EU) TR1 + TR2/TR2, VALID 30-40%, uploaded 2020-04-09 (NON-REFUNDABLE BASE)” released and put up for sale on April 9.”

“Joker’s Stash – the infamous underground marketplace – put a USD 1,985,835 price tag on the set, at USD 5 apiece, and announced that dump had 30-40% valid rate” Group-IB told GBHackers on Security.

- Advertisement - EHA

Records Gathered from the Dumb

American card dumps have traditionally been most commonly traded in the dark web, but the South Korean payment card details are a very rare commodity in the underground.

  • The total number of records exposed is 397,365. 
  • Roughly 49.9% (198,233 items valued at USD 991,165) were from South Korea’s banks and financial organizations.
  • 49,3% were related to US banks and financial organizations.
  • Database of the credit and debit card details mainly contains Track 2 information including a magnetic stripe of a card, which includes the bank identification number (BIN), the account number, expiration date and may also include the card verification value (CVV)
Payment card details released on April 9

Starting from 2019 we have reported several incidents about the leaked data in Dark web and card data’s became the second most popular target in the underground by the number of massive abnormal spikes in their sales, surpassed only by US-issued dumps – all-time “champion” on this market.

Also, a number of instances originating from APAC, such as the sale of the record-breaking database holding more than 1.3 million credit and debit card dumps of mainly Indian banks‘ customers in October 2019.

These card dumps do not necessarily get compromised in a card-issuing country, the data can be snatched when a card owner travels overseas to a country where advanced payment security measures, such as EMV, are not widely implemented, and uses an infected Point-of-Sale (POS) terminal. 

The Track 2 data (also referred to as card dumps) is used for card-present transactions and usually comes from infected POS terminal, from ATM skimmers or breached merchant’s payment system. However, in this case, the source of the stolen data remains unknown. 

“Even though there is not enough information in this dump to make online purchases, fraudsters who buy this data can still cash out stolen records,”

“If a breach is not detected promptly by the card-issuing authority, crooks usually produce cloned cards (“white plastic”) and swiftly withdraw money via ATMs or use cloned cards for illicit in-person purchases. says Shawn Tay, senior threat intelligence analyst at Group-IB.

Researchers believe that this dumb of the data can be the biggest sale of South Korean records of credit and debit card details on the dark web in 2020, which contributes to the growing popularity of APAC-issued card dumps in the underground.

There is no clear evidence of the origin of this data. Researchers from Group-IB has informed proper authorities in South Korea and the US and closely work with them.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...

Doppler Launches ‘Change Requests’ to Strengthen Secrets Management Security with Audited Approvals

Doppler, the leading platform in secrets management, today announces the launch of Change Requests,...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Northern Ireland Police to Pay £750,000 Fine Following Data Breach

The Police Service of Northern Ireland (PSNI) has been ordered to pay a £750,000...

Hackers Attacking AI Agents To Hijacking Customer Sessions

Conversational AI platforms, powered by chatbots, are witnessing a surge in malicious attacks, which...

Malicious App On Google Play Steals Cryptocurrency From Android Users

Cybercriminals have shifted their focus to mobile devices, targeting users with a malicious crypto...