A team of information security experts revealed that the "Magbo" cybercrime gang compromised 193 thousand servers around the world within two years. The servers run websites, information systems and services for governmental and financial institutions and private companies, and the gang's aim was to sell access to these institutions' data through a store bearing the gang's name. The store currently offers sensitive data for 43 thousand servers, at prices ranging between $1 and $10,000. The team of experts at "Kela", a company that specializes in information security and in tracking criminal gangs on the Internet, recently published the details of the tracking process on the company's website, explaining that the gang opened its store in mid-2018 and that it is still operating.

Gateway

Analysis of the store's historical data suggests that it was first launched in June 2018. After its launch, it started out like any other e-crime service, by advertising itself in several hacking forums.

According to many old ads, the site largely advertised itself as a gateway through which other cybercrime groups can purchase access to hacked web servers.

Growth

Kela experts said that the store is currently running on the Internet, noting that access is allowed only for accredited members, and that obtaining membership requires an invitation from an existing member, who recommends the new person to the store management. They added that after approval, the new person can register and create a profile on the store. They indicated that the store has grown to 14 times the size it started at in 2018: when it opened, it offered sensitive data for only 3000 hacked computers, then managed to increase that to 193 thousand over two years. It sold 150 thousand of them, and it currently shows data for 43 thousand computers at prices ranging between one and ten thousand dollars.

The most mysterious

According to the experts, the Magbo gang's store is the most mysterious online marketplace through which hackers buy and sell sensitive data for hacked servers. It is performing better than ever, and its popularity has grown since its launch to make it the largest criminal market of its kind: it now controls about 90% of the sensitive data of compromised servers offered for sale on the Internet black market.

Parallel world

Experts also revealed that the store has developed its operations to become a destination for both buying and selling, unlike other similar stores that only sell. This means that it works with the latest and best online e-commerce methods, and it may use systems for buying, selling and organizing auctions similar to those applied on major sites such as "eBay" and "Amazon".

Experts did not rule out that the store has created a parallel world for e-commerce within the dark web.

Sensitive data

The monitoring and analysis process revealed that the store's customers buy sensitive data for server computers in one of two ways. Some buy in large quantities: criminals known as "black hats" who want to improve search engine rankings, or criminals who specialize in attacks that spread malware. Others buy sensitive data for selectively chosen hacked servers, to be used to break into legitimate e-commerce stores and steal from their financial transactions, or to launch "ransom" and encryption attacks on the websites and systems of government agencies and large companies.

"Web shells"

The "Magbo" store includes offers to sell what are known as "web shells", which are malicious programs that hackers install on web servers. They provide a visual interface for interacting with the hacked server, through which the hackers can rename, copy, transfer or modify files, or upload new files to the server.

Web shells can also be used to change file and directory permissions, or to archive, download, and steal data from the server.

The experts' analyses showed that the store began by installing and displaying 1500 "web shells" upon launch, and that the number has since increased to 3,000 shells. They indicated that the store's way of offering these shells has evolved: it links the price to the service that the buyer wants to obtain, including access to the back-end system of the compromised computer, access to its hosting control panel, access to the server's SSH account, which provides complete control over it, and access to the databases associated with the server.

The analyses also indicated that providing these specialized services has made "web shells" the best products on the store, and the most attractive to hackers and criminals.