People have been trying out new things and activities during this lockdown. Some have become TikTok masters while others have learned how to bake sourdough bread. Cybercriminals have put their own spin on passing time with online rap battles, poker tournaments, poem contests, and in-person sport tournaments. The twist is that the prize for winning these competitions is sometimes stolen data and tools to make cybercrime easier.
Researchers have noted that poker tournaments have become popular in the cybercrime underground, with multiple forum threads advertising them. Players can join the poker club forums, join the related poker group in Telegram, or install an application from the poker room at a specific poker site and join the club using the app. Participants have to play at least three times to become a member, and then play at least four times a month to keep their membership active. Beyond poker tournaments, poetry and rap battles have also become more popular and occasionally cross streams with poker.
“Cybercriminals used the poems submitted to the contest to promote tournaments and prizes. These poems are written with heavy use of forum slang and could feature such phrases as ‘Teri give socks,’ referring to SOCKS proxies; or ‘Sphere,’ which refers to the customized browser Linken Sphere that malicious actors use to mimic legitimate user environments.”
Prizes in these competitions have included:
- Access to cloud-based logs of stolen data, including PII and stolen credit cards
- Licenses for Linken Sphere, a customized browser that uses stolen credentials and system fingerprints to avoid anti-fraud system detection; used to monetize stolen credit cards or payment systems credentials
- A Visa Gold card (with a seven-month warranty) registered using leaked scanned IDs
- Two airplane tickets purchased using a stolen credit card
- A script to automate the creation of cloned websites and e-shops often used to harvest user credentials, PII, credit cards, e-wallets, and other monetizable assets by tricking users into logging in and shopping on a cloned version of a website
- Verified Yandex money and QIWI wallets registered to money mules, used for money transfers, as a means of payment in e-shops, or to purchase virtual private servers (VPS) and other necessary assets for their business
- A license for credit card fraud anti-detection software, along with 50 custom configurations to mimic the legitimate credit card owner while avoiding detection by antifraud systems
- Monetary prizes that were originally accumulated through criminal activities
The researchers concluded:
“Criminally obtained assets being used as prizes for personal entertainment is a phenomenon that demonstrates the mentality of these criminals; the stolen assets are simply assets that can be awarded, traded, or given away.”