In one extreme incident on the Exploit forum, an account posted a lengthy complaint that they had provided someone with a Windows kernel exploit and hadn’t been paid the $130,000 they had agreed for it. The buyer said they would pay once they had tested the software but never stumped up the cash. “At each stage, he gave different excuses for delaying the payment,” a translated version of the complaint says.
In some scams, multiple accounts or people appeared to work together, the research says. A user with a good reputation can introduce one person to another. This accomplice then directs the victim to a scam website. In one instance, Wixey says, a user wanted to buy a fake copy of the NFT-focused game Axie Infinity. “They wanted a fake copy of it with the intent of basically siphoning off legitimate user’s funds,” Wixey says. “They bought this fake copy from someone else, and the fake copy contained a backdoor which then stole the stolen cryptocurrency.” The scammer was essentially being scammed through their own scam.
While it shouldn’t be a surprise that criminals often try to con each other—there’s no honor among cybercriminals, after all—the research shows how prevalent it is. In 2017, security firm Digital Shadows pointed out a database that had been created to name and shame known rippers. Similarly, in 2021, the firm found that some administrators on cybercrime forums are scamming their own customers. In the past decade, there have been thousands of complaints about criminals scamming each other, according to threat intelligence firm Analyst1. Meanwhile, a previous analysis from Trend Micro concluded that while forums and marketplaces have rules, they don’t deter scammers. “The perpetrators are typically those who go for quick profits over reputation,” the firm’s 2019 research says.
Arguably, the most organized scam that Sophos’ Wixey spotted stemmed from an investigation into the Genesis marketplace, which has been online since 2017 and sells hotel login details, cookies, and access to data from compromised systems. When researching Genesis, Sophos discovered a faked version of the website appearing high in Google’s search results. “This is a really bizarre case,” Wixey says. “It was a really basic WordPress template and it asked for money, whereas the real Genesis is invitation only.”
As well as not looking like the official Genesis market, the faked version showed other weird behaviors: It linked out to another cybercrime website, the Bitcoin address people could make payments to changed when someone clicked the copy and paste button on the website, and it was also being advertised on Reddit. These signs, Wixey says, hinted the fake could be a “coordinated” effort. Armed with details from the fake Genesis website—including portions of the text and cryptocurrency addresses—the researchers discovered 20 websites that all appear to be connected and run by the same group or individual. The websites all look the same and were registered between August 2021 and June 2022—eight of them are still live.
Almost all of these websites, Wixey says, imitate defunct criminal marketplaces and try to get people to pay to access them. The scam appears to work, too. The researcher says the Bitcoin addresses the scam sites pay into have collectively received $132,000, although he is cautious to say the money may all have come from the false websites. Sophos appeared to find one threat user who may be behind the sites—an actor going by the handle “waltcranston.” Among several pieces of information linking the handle to the sites, someone with the username claimed to have created the fake marketplaces on another forum.