Trending

The latest hot topics from the Deep & Dark Web and beyond.

TreasureHunter Point-of-Sale Malware and Builder Source Code Leaked

The source code for a longstanding point-of-sale (PoS) malware family called TreasureHunter has been leaked on a top-tier Russian-speaking forum. Compounding the issue is the coinciding leak by the same actor of the source code for the malware’s graphical user interface builder and administrator panel. The availability of both code bases lowers the barrier for […]

Threat Actors Shift to Android-Based Carding, Struggle with iOS

By Flashpoint Analyst Team
May 9, 2018

Cybercriminals operating on Russian-language Deep & Dark Web (DDW) forums are demonstrating an increased interest in using mobile operating systems—specifically Android—to evade detection when using stolen payment card data to make fraudulent purchases online, Flashpoint analysts said. Since these schemes, known as carding, are typically carried out using desktop computers, many cybercriminals seem to believe […]

Botnet Operators Cash in on Travel Rewards Program Credentials

Flashpoint analysts have been tracking several small specialty shops in the Russian-language underground advertising access to the login credentials of customer accounts for travel and hospitality rewards points programs. Since the observed vendors appear to offer a small number of accounts from a large number of institutions, Flashpoint analysts believe the accounts were obtained incidentally […]

‘Rubella Macro Builder’ Crimeware Kit Emerges on Underground

A crimeware kit dubbed the Rubella Macro Builder has recently been gaining popularity among members of a top-tier Russian hacking forum. Despite being relatively new and unsophisticated, the kit has a clear appeal for cybercriminals: it’s cheap, fast, and can defeat basic static antivirus detection. First offered for sale in late February for the relatively […]

Fraudsters Leverage HTTP Injectors to Steal Internet Access

Threat actors are seeking and exchanging HTTP injectors in order to gain unpaid mobile access to the internet, defrauding service providers and telecommunications companies in the process. Flashpoint analysts have observed widespread chatter pertaining to the use of HTTP injectors, which modify HTTP headers on network requests with malicious code that tricks captive portals into […]

Inside the Underground Trade of Prescription Drugs

March 22, 2018

Flashpoint analysts have observed a thriving prescription drug trade on both the surface web and the Deep & Dark Web (DDW), with vendors advertising everything from high-risk, controlled substances such as Xanax and OxyContin to more benign medications, such as inhalers and eye drops.

Surface-Web Pharmacies

Surface-web pharmacies are online stores that sell a variety […]

SDA Protocol Payment Cards Remain a Target for Cybercriminals

Despite the heralded security of chip-and-PIN payment cards that follow the EMV (Europay, Mastercard and Visa) standard, some EMV cards are still undermined by the continued use of the static data authentication (SDA) protocol. SDA is one of three protocols that can be used to authenticate transactions, along with dynamic data authentication (DDA) and combined […]

Assessing Threats to the Pyeongchang 2018 Winter Olympics

Olympic events are high-budget, high-profile convergences of elite athletes and global media organizations that tend to carry inherently geopolitical undertones. As such, they can be seen as appealing targets for various cyber and physical adversaries motivated by financial or political gain. The 2018 Winter Olympics in Pyeongchang, South Korea, are no exception, with the precarious […]

Inside a Twitter ‘Pornbot’ Campaign

February 12, 2018

Flashpoint analysts recently investigated the trend of adult entertainment-themed Twitter bots known as pornbots, which post tweets with hashtags containing popular brand names alongside random, unrelated terms. The observed set of pornbots appears to be a mix of compromised accounts and accounts specifically created to advertise pornography. As such, organizations mentioned in these bots’ pornographic […]
