For example, ever-popular credential stuffing tool Sentry MBA includes features such as OCR (optical character recognition) functionality to bypass captcha challenges. But we also see criminals using older tools that still work well. The tools, methods, and means used to achieve credential stuffing have evolved significantly in the last couple of years. The sale of taken-over accounts is a popular and lucrative game. Many of these communities serve as a platform for vendors to sell custom configs, combo lists, and tools for the purpose of account takeover. Many of these servers host discussions related to broader hacking topics, including cracking, while some are specific to them. Some Discord servers serve as official channels attached to online cracking communities such as Nulled or even as a spillover community for darknet market users. There are several Discord servers that host discussions relating to cracking.
Security researchers have discovered OpenBullet’s source code for sale on Discord, as well as configuration files for the tool. In addition to serving as a platform for criminals to hawk stolen credentials, advertise doxxing services, and conduct other activities, Discord now offers access to several cracking communities. This influx of cracking activity makes sense as many displaced dark web communities have also found a home there. In addition to popular cracking communities on both the darknet and clearnet, there exists a burgeoning community for cracking services on the video game chat app Discord.
VirusTotal scans for many of these tools come out clean, but some of them may leave behind tell-tale signatures – user agent strings that give them away. Some of these tools are foreign and target services in different languages. These tools have been developed as standalone custom account checkers built to target specific services. New and improved credential stuffing tools have options for more targeting. Although these are not new, bonafide versions of the original tools have improved (with updates made by their original developers), and criminals are enjoying their new functionalities. Since our last post, some of these credential stuffing tools have been “modded” by members of online cracking communities. According to our research, newer versions of old cracking tools and next-generation account checkers are better at evading detection, cracking targeted applications, and bypassing countermeasures like captcha challenges. As criminals have become both more adept and more vigilant, so too have their tools.
0 kommentar(er)
