Dark web marketplace BidenCash gives away 1.2 million free credit card details for promotion
"BidenCash", a dark web marketplace specializing in the sale of credit cards, has advertised itself by publishing a massive database dump of 12,251 credit cards, compressed to 69.2 MB in size, on its website, where anyone can download the card data for free and use it to commit financial fraud.
Credit card data sold on such sites is typically stolen by planting malware on sales terminals and through database attacks on payment sites. The administrators of the dark web marketplace decided to promote the site by sharing a larger database of credit cards, in the same manner as the similar dark web card-selling platform "All World Cards" did in August 2021.
According to the analysis, BidenCash, a dark web marketplace launched in April 2022 to sell stolen credit card data, has now leaked credit card datasets twice as a promotional initiative. In June, BidenCash shared a credit card dataset with a compressed size of 353 MB.
To cope with DDoS (distributed denial of service) attacks, the dark web marketplace administrator recently posted a credit card dump on a new URL (bidencash.vodka), which could of course also be a way to promote the new marketplace domain.
BidenCash's free giveaway campaign to promote the dark web marketplace
To ensure greater reach, the BidenCash administrators distributed the files of this credit card data collection through clearnet domains and through other hacking and card-selling forums.
The freely circulating file contains "fresh" credit cards from around the world that expire between 2023 and 2026, but most of the data entries appear to be from the United States.
The dump of 1.2 million credit cards includes the following credit card and related personal information.
- Card number
- Expiration date
- CVV number
- Name of holder
- Bank name
- Card Type, Status and Rating
- Holder's address, state and zip code
- Email Address
- Social Security Number (SSN)
- Phone number
Not all of the 1.2 million records contain the above details, but most entries contain more than 70 percent of the data types.
The pages offering the "special event" were first discovered on Friday by Italian security researchers at D3Lab, which specializes in monitoring credit card sales sites on the dark web.
Analysts say the card data came mainly from cyber skimmers, malicious scripts injected into the checkout pages of hacked e-commerce sites to steal submitted credit card and customer information.
The authenticity of the leaked credit card data
Dark web posts and offers of this scale are usually scams, so such a large credit card dump could easily be fake data or old recycled databases repackaged under new names.
The BleepingComputer article states that it discussed authenticity with analysts at D3Lab, who confirmed that the data from several Italian banks is authentic, so the leaked entries correspond to real cards and cardholders.
However, many of the entries were recycled from previous collections, such as the batch of data given away for free by All World Cards last year.
From the data checked by D3Lab so far, about 30% of the data is new, so if this applies roughly to the entire database, at least 350,000 cards are still valid.
Of the Italian bank cards, about 50 percent have been blocked because the issuing banks have detected fraud, meaning that the actual usable entries could be as low as 10 percent of the leaked data.
Dark Web marketplace BidenCash suspected to be a site run by Russian hackers
The BidenCash website is named after U.S. President Joe Biden. The site's images use multiple photos of him, and its logo and icon are both photos of Biden's head, seemingly with the intention of targeting the United States.
According to the analysis of the data set (https://bidencash.cc/cards/), most of the data came from the United States, with the rest mainly from Western countries such as Canada, the United Kingdom, and France, while only one data entry was shown to be from Russia.
In addition, an analysis of the Internet history reveals that the bidencash.ru website is suspected to be a test site for this dark web marketplace on the open web, registered on May 16, 2022, through the Russian registrar R01-RU.
The clearnet URL of "BidenCash"
Suspected test site.
Data release site.
The darknet URL of "BidenCash"
From: On DarkNet – Dark Web News and Analysis