A recently identified dark web portal is offering illegal services related to financial fraud, identity theft, and money laundering. Named the Styx Marketplace, the portal offers data dumps, cash-out services, fake and stolen IDs, SIM cards, multi-factor authentication bypass solutions, banking malware, and other types of illegal services. Initially mentioned on the dark web in early 2022, the marketplace opened in January 2023, following an escrow module for brokering transactions between cybercriminals.
Styx originated in Greek mythology as The Styx, the mythical river of death. This waterway separates the world of the living from the realm of the dead. Maybe an omen of bad things to come from a criminal sales portal.
Registered users are given access to various illicit services on the portal. A ‘Trusted Sellers’ section also exists, likely for vendors vetted by the Styx administrators. Some of the service descriptions are limited. As a security measure, the marketplace connects actors via Telegram contacts and various automated bots. Users interested in purchasing services are first required to fund their Styx wallet in cryptocurrency, with available options including Bitcoin (BTC), Ethereum (ETH), and Tether (USDT).
Researchers have linked Styx to tools for online-banking theft, anti-fraud bypasses, and identity spoofers, including some marketed via Telegram channels. Some of these tools are optimized for mobile devices. The focus of Styx remains the selling of compromised online banking credentials, stolen credit card data, and cryptocurrency and e-commerce accounts. The marketplace facilitates ‘digital bank’ and VCC (virtual credit card) fraud.
Additional Styx vendors sell personally identifiable information (PII), including stolen Social Security numbers (SSNs). One vendor sells large volumes of SSNs and ID-related data of victims in the US, Canada, the Netherlands, the UK, and other countries, along with stolen business data. Fake IDs and document forgery represent another significant product offering available on Styx. One vendor uses the trade name ‘Podorozhnik,’ which is well known on the dark web and widely used by cybercriminals.
Styx also offers the services of vendors offering money laundering, such as cash-out services from stolen banking, cryptocurrency exchange, e-commerce, and VCC accounts. Styx-listed firms provide telephone and email flood services, tutorials on performing cybercrime and fraud, and other fraud services. It appears to be a one-stop shopping mall for criminals.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
Comments