Darknet Marketplace Snapshot Series: Amazin Market


Figure 1: Amazin Market’s Log-In Page

This marketplace is engaging in blatant copyright infringement 

The most notable characteristic of the darknet marketplace Amazin is that the administrator is committing outright copyright infringement by unlawfully using Amazon’s intellectual property in their branding. In addition to cloning Amazon’s official logo and replacing the “o” with an “i,” (Amazon -> Amazin), the administrator of Amazin Market has also poached other branding characteristics from Amazon’s official website.

For example, the marketplace admin has laid the cloned spin-off logo on top of the exact same quintessential charcoal color that Amazon features on its website. The admin has also situated a white shopping cart in the top-right hand corner of the market, much like Amazon’s actual interface.

Amazin Market has a relatively intuitive user interface and customer support system that continues to mirror Amazon’s both visually and navigationally. The market also features a robust vendor rating and review system. Referred to as a supplier rating, it measures the performance of darknet vendors on Amazin Market on an ongoing basis and gives buyers on Amazin Market the opportunity to make better purchasing decisions.

Figure 2: Amazin Market’s Homepage

A look at what’s for sale

While Amazin Market may look like Amazon from a visual perspective, the merchandise sold there is a major departure from the kitchenware and back-to-school supplies you’ll find on Amazon. Instead, Amazin Market carries exclusively illicit supplies, such as hacked accounts and e-gift card codes.

Amazin Market appears to principally feature financial-related goods and services. Vendors on Amazin Market are currently advertising hacked Amazon, JPMorgan and PayPal accounts for sale, as well as compromised iTunes, Amazon, Google Play and GameStop e-gift card codes, sometimes at 70-80% off face value.

In addition to hijacked accounts and e-gift card codes, vendors on Amazin Market are also advertising for sale money laundering services using PayPal, Payoneer and Western Union.

Figure 3: PayPal money laundering service advertised for sale on Amazin Market
Figure 4: Western Union money laundering service advertised for sale on Amazin Market

Of significance, DarkOwl discovered that one vendor is responsible for trafficking all of the stolen payment card information through Amazin Market. Known as ‘HQDumps,’ the vendor is selling ‘dumps,’ hacker-slang for stolen payment card information that can be used to conduct in-store card fraud.

After reviewing and analyzing all of HQDumps’s listings, DarkOwl was able to determine that HQDumps is currently selling financial details belonging to victims who reside around the world, particularly in the United States, Europe, Australia and Asia.


Key things to know about Amazin Market

Seven vendors currently operate on Amazin Market: amazin, JPMorgan, RedBull, Babo, Patron, Joker and HQDumps. After reviewing all of HQDumps’s vendor reviews on Amazin Market, DarkOwl uncovered that HQDumps used to be a vendor on the Silk Road. It remains unknown which version of the Silk Road HQDumps was affiliated with, whether the original or the post-Ulbricht versions.

DarkOwl also found that HQDumps used to be a member of the “MasterGroupOfSpam,” a Telegram Channel inhabited by 9,700+ cybercriminals involved in various criminal activities, primarily hacking and card fraud. It is important to note that HQDumps has not operated on Telegram (HQ DUMPS @ HQDUMPS) since late May.

Differentiating itself from other darknet markets, such as Infinity Market, Amazin Market does not reveal the precise number of stolen goods that each and every vendor is advertising. This feature may have been implemented in an effort to better protect Amazin Market’s vendors, as law enforcement agencies have been known to prioritize vendors by the sheer volume of illicit goods that they are individually offering.

Contrary to other darknet markets, Amazin Market only supports Bitcoin as a means of payment. At this time, DarkOwl has not observed any darknet forum chatter or scrutiny related to this payment limitation.

Amazin Market, like so many other markets on the darknet, has an escrow system. Escrow systems serve as third-party vehicles that hold funds until both sides of the transaction have been completed. It’s an important feature, as it protects both buyers and vendors from getting scammed.

DarkOwl analysts noticed that Amazin Market is listed on Tor66, a darknet search engine on the Tor Network that advertises many known scam services. Interestingly, Amazin Market is also listed as a ‘scam market’ on Dark Web Magazine’s dark web scam list. These findings support why the admin has had a difficult time gaining traction amidst the criminal underground, even with a darknet marketing incentive of $30 USD (as pictured below).

Figure 5: Visual of Amazin Market’s admin posting a darknet marketing incentive on his bazaar

Who is behind Amazin market?

Figure 6: Visual of MoneyPlus’s Homepage

DarkOwl discovered a darknet market known as MoneyPlus with the same source code, vendor community and user interface as Amazin Market. DarkOwl uncovered that the administrator of MoneyPlus (who may also use the alias Amazin) can be reached via email at [email protected]. At this time, DarkOwl does not have definitive evidence as to whether Amazin Market and MoneyPlus Market are affiliated, or whether both markets are run by the same administrator.

Additional research efforts revealed that Amazin Market has a dual presence on the deep web (hxxps://amazin.to and hxxps://amazin.biz). After running a WHOIS and IP geolocation lookup on both domains, the first domain was found to be registered on March 28, 2014. That domain was also found to be protected by Cloudflare and linked to the IP address 104.31.81.229, a server located in Manila, Philippines. The second domain was found to be registered on December 17, 2012. In contrast, this domain was not found to be protected by Cloudflare, and is linked to the IP address 192.64.119.87, a server located in Los Angeles, CA.

As such, the actual location of the marketplace’s servers, as well as the identity of the marketplace’s administrator, remain unclear.
