Paul Mutton speculates that fraudsters have deployed the fake version of the Alphabay Market in an attempt to steal login credentials.
“Fraudsters operating on the AlphaBay darknet market are using phishing attacks to steal login credentials from other criminals. In this particular attack, the phishing site mimics the address of one of AlphaBay’s Tor hidden services.” wrote Mutton.
AlphaBay is today one of the most interesting black markets, it offers any kind of illegal products and services. It emerged in 2014 following the seizure down of Silk Road, it was founded by members of Russian carding forum and today it is the most important black market for payment card frauds.
The fake website mimics the login page of the Alphabay black market, including the CAPTCHA protection mechanism.
When Alphabay users login to the bogus website are redirected to the legitimate AlphaBay Market.
In order to replicate the legitimate website it was necessary to reproduce also the .onion address that is associated to the hidden service. This address is derived from the public key used to authenticate the connection, this means that it is very difficult to convincingly impersonate the site without having access to the owner’s key pair.
Fraudsters have computed a partial match using tools such as scallion and generate a similar address like pwoah7f5ivq74fmp.onion.
“However, in the case of this phishing attack, the fraudster has simply created a lookalike domain on the public internet, using the address pwoah7foa6au2pul.me.pn.” wrote Mutton.
“This phishing attack makes use of a me.pn domain, which was likely chosen because addresses under this domain can be registered for free, and the “.me.pn” string bears a (somewhat tenuous) similarity to the .onion TLD, at least in terms of its length.”
As explained by Mutton, this phishing attack is another example of fraudsters defrauding fraudsters.
It’s obvious that similar attacks represents a threat only for new users who are deceived by the replica, meanwhile AlphaBay veteran members will never fall victim of such kind of attack.
(Security Affairs – Black Market, dark web)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.