MagBO Black Market Hacking Site, Caught Selling 3,000 Website Login Credentials
Flashpoint, a cyber threat research firm has exposed MagBO as a black market site that is used as a central source for unauthorized access to 3,000 hacked websites. The new kid on the block when it comes to selling illegal access, MagBO directly competes with contemporaries: Mal4All, Nulled, HackForum and Exploit.in.
From MagBO’s menu of items for sale are:
- SQL Database Access
- Admin panel Access
- File Transfer Protocol Access
- Secure Socket Shell Access
- Domain Control Access
- Hosting Control Access
- PHP Shell Access
The 3,000 breached sites involved in the access sale were priced dissimilarly. Depending on its value proposition, cost range from fifty cents to a thousand US dollars. “Illicit access to compromised or backdoored sites and databases are used by criminals for a number of activities, ranging from spam campaigns to fraud, or cryptocurrency mining. These compromises have also been used to gain access to corporate networks. This could potentially allow actors to access proprietary internal documents or resources, as well as entry points through which they can drop various malicious payloads. The types of vulnerabilities present and the ways in which they can be exploited depending on the threat actor’s specific capability, motivation, targeting, and goals,” Kremez further explained.
MagBO’s website access for sale scheme comes with different access levels:
- Full Access permission
- Edit Access permission
- Insert new content permission
As of this writing, there is still no news if a takedown can be done against MagBO’s web servers. It is current target customers belong to the Russian cyber hacking market. The cost of website access credentials is most likely based on its traffic and how well the site is hosted and managed by the website administrator. A hacked website hosted on a much premium hosting service and with a more knowledgeable web admin may issue corrections, hence the sold user account is already disabled before being sold. The higher cost of user login credential is also based on how well the site is known.
“In addition to access to breached websites, this particular market also sells stolen photocopies of national documents for identity fraud, breached payment wallet access, compromised social media accounts, and Bitcoin mixer or tumbler services. High-value targets would obviously fetch a higher price and capabilities to inject payment card sniffers or other tools for deeper network penetration. Sites with a lower ranking and a lesser perceived value are more likely to be abused for cryptocurrency mining or spam delivery,” concluded Kremez.
Kevin Jones720 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.