Card Not Present Fraud
,
Cybercrime
,
Fraud Management & Cybercrime
Researchers Identify 6 Underground Markets as Potential Successors
Cybercriminal gangs operating darknet stolen payment card marketplaces are scrambling to attract customers from the now-closed Joker’s Stash card market, according to the security firms Kela and Flashpoint.
See Also: Top 50 Security Threats
The administrator behind Joker’s Stash claims to have officially shut down the operation on Monday. Meanwhile, other criminal gangs offering stolen payment cards for sale have stepped up their promotional efforts (see: Joker’s Stash Reportedly Shutting Down Operations).
Among the darknet marketplaces vying to pick up former Joker’s Stash customers are Brian’s Club, Vclub, Yale Lodge and UniCC, Kela says.
Flashpoint’s researchers say the Ferum and Trump’s Dumps marketplaces are also attempting to build their clientele after the apparent demise of Joker’s Stash.
Joker’s Stash customers were likely already looking for a new marketplace, says the threat research firm Digital Shadows, due to the site’s declining customer service and having its service interrupted by law enforcement officials in December 2020.
Brian’s Club Rising to the Top
So far, Brian’s Club has gone the extra mile with its marketing efforts, Kela says. For example, it has replaced Joker’s Stash as the official sponsor of the popular underground forum Omerta, which focuses on payment card trading.
“With the heavy marketing and advertising that Brian’s Club has been investing in, it seems that the longtime attempts of marketing to credit card traders may be finally paying off now that Joker’s Stash is out of the picture,” says Victoria Kivilevich, a threat intelligence analyst with Kela. “Brian’s Club has been immodestly trying to steal the thunder by publishing an advertisement on the main page of [Russian-language forum] XSS, soon after the announcement by Joker’s Stash.”
Kela estimates about 5 million payment cards are being offered for sale through Brian’s Club. At its height, Joker’s Stash had about 30 million, Flashpoint estimates.
Brian’s Club has eight years of experience and offers criminals an easy way to conduct their illicit business, Flashpoint says.
But even if Brian’s Club soon becomes the dominant player, “it will still have to make up considerable ground to come close to rivaling Joker’s Stash at its peak,” Flashpoint says.
Next in Line?
Kela and Flashpoint also say that Yale Lodge could emerge as a dominant market for stolen card data because it operates both a Tor and clear web card shop and has a self-hosted checking service. This service allows the buyer to check to see if the card information being bought is valid.
Kivilevich points out, however, that Yale Lodge charges a $150 registration fee and a minimum deposit of $200, which is 10 times higher than what Joker’s Stash required.
Flashpoint says the operators of the Ferum market also have a wealth of experience and provide easy access, but the site has less card data available for sale than others.
Meanwhile, Trump’s Dumps, which is a newer operation, has increased its advertising, Flashpoint reports. It offers a variety of services, including a self-hosted checking service.
Kivilevich says she’s spotted Vclub members trying to recruit Joker’s Stash customers on darknet forums. But Kela’s research has found many complaints about the quality of cards available on Vclub.
And Kela reports it has seen almost 300,000 new stolen card data offerings being added on UniCC each week.
“Overall, the carding landscape is much bigger than the several markets we mentioned in this post,” Kivilevich says. “Moreover, cybercriminals buy cards and dumps not only in specialized shops but also on forums, via instant messaging channels, and behind closed doors in private deals.”
The Demise of Joker’s Stash
In January, the operator of Joker’s Stash announced the site would shut its doors on Feb. 15 and gave customers one month to settle their business dealings. Digital Shadow’s researchers say the site is very likely permanently offline.
This news came only a few weeks after several of the marketplace’s servers were reportedly taken down in a joint FBI and Interpol operation (see: After Joker’s Stash Closes, What Comes Next?).
“Joker’s Stash activity began to fall precipitously starting in July 2020,” the Flashpoint researchers note. “JokerStash, the shop administrator, built a reputation based on the shop’s reliable and quick customer responses. Since at least the end of July 2020, however, JokerStash’s normally speedy fielding of comments, complaints and feedback across top-tier forums began to ebb, and it grew increasingly worse and more sporadic in the following months.”